Start Making an Impact
  • >
  • Privacy Policy

Privacy Policy

Effective Date: [1 January 2026]

  1. Introduction
    Initiate Global Foundation, Inc. (“Initiate Global,” “we,” “us,” or “our”) respects and values your right to privacy.

    As a non-stock, non-profit organization acting as a foundation and conduit between donors, campaign creators, beneficiaries, and partners, we are committed to protecting personal data in accordance with:

    1. The Data Privacy Act of 2012 (Republic Act No. 10173)
    2. Its Implementing Rules and Regulations
    3. National Privacy Commission (NPC) circulars and issuances

    This Privacy Notice explains how we collect, use, process, store, share, and protect your personal data.

  2. Categories of Data Subjects
    We process personal data from the following categories of individuals:
    1. Donors / Backers – Individuals or entities making voluntary contributions.
    2. Campaign Creators – Individuals or organizations raising funds through the platform.
    3. Beneficiaries – Individuals or communities receiving support.
    4. Platform Users – Visitors and registered account holders.
    5. Trustees, Officers, Employees, and Volunteers – Individuals involved in operations.
    6. Vendors and Service Providers – Third parties engaged for platform support.
  3. Categories of Personal Data We Collect
    Depending on your role, we may collect and process:

    3.1 Basic Personal Identifiers

    • Full name
    • Date of birth
    • Gender
    • Nationality
    • Civil status
    • Address
    • Email address
    • Contact number

    3.2 Government-Issued Identifiers (For KYC/Compliance)

    • Passport
    • Driver’s license
    • TIN
    • Other valid government IDs

    3.3 Financial and Transaction Data

    • Donation or pledge amounts
    • Transaction history
    • Bank account details (for disbursement)
    • Proof of source of funds (for AML compliance)

    3.4 Business / Organizational Information (For Creators)

    • SEC / DTI / CDA registration documents
    • Articles of Incorporation or organizational documents
    • Authorized signatory details
    • Bank account details for disbursement

    3.5 Sensitive Personal Information

    • Medical records (for health-related campaigns, with explicit consent)
    • Proof of emergency circumstances
    • Beneficiary documentation

    3.6 Technical and Usage Data

    • IP address
    • Device and browser type
    • Login credentials
    • Cookies and tracking data
    • Platform interaction logs

    3.7 Communications

    • Emails
    • Messages
    • Customer support requests
    • Complaint or dispute records
  4. Purposes of Processing
    We process personal data for lawful, specific, and legitimate purposes, including:
    1. Facilitating donation-based and reward-based crowdfunding campaigns.
    2. Conducting KYC and AML verification in compliance with applicable laws.
    3. Processing donations, disbursements, refunds, and payouts.
    4. Ensuring regulatory compliance with government authorities.
    5. Maintaining user accounts and providing support.
    6. Monitoring platform integrity and preventing fraud.
    7. Improving services, user experience, and platform performance.
    8. Generating anonymized reports for transparency and impact measurement.

    All processing is necessary, proportionate, and aligned with our foundation’s mission.

  5. Lawful Basis of Processing
    Processing of personal data is based on one or more of the following:

    5.1 Consent
    When you voluntarily register, donate, launch a campaign, or agree to specific uses of your data.

    5.2 Contractual Necessity
    Processing necessary to:

    1. Create accounts
    2. Facilitate donations
    3. Disburse funds
    4. Resolve disputes
    5. Enforce platform agreements

    5.3 Legal Obligation
    Processing required to comply with:

    1. Data Privacy Act (RA 10173)
    2. Anti-Money Laundering Act (RA 9160)
    3. Tax and reporting laws
    4. Other regulatory obligations

    5.4 Legitimate Interests
    Including:

    1. Fraud detection
    2. Security monitoring
    3. Platform analytics
    4. System improvements

    We ensure legitimate interests do not override your fundamental rights.

    5.5 Vital Interests
    Where processing is necessary to protect life, health, or safety (e.g., emergency fundraising).

  6. Data Sharing and Disclosure
    We share personal data only when necessary and under strict safeguards.

    6.1 Internal Recipients

    1. Authorized personnel with role-based access
    2. Data Protection Officer (DPO)
    3. Compliance and audit teams

    6.2 External Recipients
    We may share data with:

    1. Payment processors and partner banks
    2. Regulatory authorities (e.g., SEC, BIR, AMLC, NPC)
    3. Auditors and legal advisors
    4. Cloud hosting and IT service providers
    5. KYC and identity verification partners
    6. Beneficiaries (limited donor information, where applicable)

    All third parties are bound by Data Processing Agreements (DPAs).

  7. Cross-Border Transfers
    Where data is processed outside the Philippines (e.g., cloud services), we ensure:
    1. Standard contractual safeguards
    2. Equivalent protection mechanisms
    3. Compliance with DPA and NPC guidelines

    We do not sell or trade personal data.

  8. Data Security
    Initiate Global implements organizational, physical, and technical safeguards.

    8.1 Organizational Measures

    • Appointment of a Data Protection Officer (DPO)
    • Privacy training for staff
    • Confidentiality agreements
    • Incident response and breach notification procedures

    8.2 Physical Measures

    • Controlled office access
    • Secure document storage
    • Disaster recovery planning

    8.3 Technical Measures

    • Encryption in transit and at rest
    • HTTPS/TLS security protocols
    • Multi-Factor Authentication (MFA)
    • Firewalls and intrusion detection systems
    • Regular vulnerability testing
    • Secure backups and redundancy
  9. Risks and Mitigation
    While we implement robust safeguards, risks may include:
    • Unauthorized access
    • Phishing or identity theft
    • Fraudulent transactions
    • Service disruption

    Mitigation includes:

    • Role-based access controls
    • Fraud detection systems
    • Continuous monitoring
    • Incident response procedures
    • User awareness guidance
  10. Data Retention and Disposal
    We retain personal data only for as long as necessary:
    • Financial records: in accordance with legal retention requirements
    • AML-related documentation: as required by applicable law
    • Account data: while active and for compliance periods thereafter

    Upon expiry, data is securely deleted or destroyed.

  11. Data Subject Rights
    Under the Data Privacy Act, you have the right to:
    1. Be informed
    2. Access your personal data
    3. Rectify inaccurate data
    4. Erasure or blocking (subject to legal retention limits)
    5. Object to processing
    6. Data portability
    7. Claim damages for unlawful processing

    To exercise your rights, contact our Data Protection Officer.

  12. Contact Information

    Data Protection Officer (DPO)

    Initiate Global Foundation, Inc.

    Email: [email protected]

    Address: 19th Floor, Capital House, 9th Avenue corner Lane S, Bonifacio Global City, Taguig, Philippines

  13. Updates to This Privacy Notice
    We may update this Privacy Notice to reflect changes in law, technology, or operations.
    Material updates will be posted on our website and, where necessary, communicated to users.

Prepared by Management, 2026

Cookie PolicyWe use cookies to improve your experience. By continuing, you agree to our use of cookies. For details, see our policy.