Privacy Policy
Last updated: January 23, 2026
This Privacy Notice for Philippines Urban Living Solutions, Inc. ("Company," "we," "us," or "our"), describes how and why we will collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:
- Download and use our mobile application (mySTAY Rewards), or any other application of ours that links to this Privacy Notice
- Visit our website at https://mystay.ph, or any website of ours that links to this Privacy Notice
- Engage with us in other related ways, including any sales, marketing, or events
This Privacy Statement informs you of the following matters relating to the processing of the personal information that you submit to us through the mySTAY Rewards app and our website:
- What information do we collect?
- How do we process your information?
- What are our legal bases for the processing of your personal information?
- When and with whom do we share your personal information?
- What are the risks involved?
- How do we handle your social logins?
- Is your information transferred internationally?
- How long do we keep your information?
- Do we collect information from minors?
- What are your privacy rights?
- Do we make updates to this notice?
- How can you contact us about concerns regarding data privacy?
1. What information do we collect?
Personal Information You Disclose to Us
We may request you to provide your personal data, depending on the service/s you will require from us. The personal data we may collect from you are as follows:
- If you access the mySTAY Rewards application or access our Website:
- Technical data such as IP address, device information, browsing behavior
- If you create a mySTAY Rewards account through our website or mobile app:
- Identifiers such as full name, username, password, gender, birthday
- Contact data such as mobile number, email address
- User profile data such as loyalty preferences, services preferences
- If you book hotel rooms or accommodations using the app or website:
- Identifiers such as full name, email address, mobile number
- Contact data such as mobile number, email address
- User profile data such as password, booking history
- Booking information such as stay period, branch, room preference, special requests, guest(s)
- If you contact the Support Admin:
- Identifiers and contact data such as full name, contact number, email
- Booking details such as stay period, branch, room preferences, special requests, guest(s)
- Nature and details of inquiries, concerns, or complaints
- Other information: any data you voluntarily submit through forms, chat, or feedback
When you pay via credit card, debit card, or e-wallet, you will be redirected to a secure payment method form owned and operated by an independent payment gateway service provider, which shall collect and process your financial information pursuant to its own terms and policies.
The member is responsible in ensuring that the personal data he provides is accurate and updated. Any member may update his or her personal data at any time by accessing his or her account on the mySTAY Rewards website or mobile application. We and our affiliates, service group, or partner shall not be held liable for any loss, damage, injury or claim arising from the member’s failure to keep his account information or personal data updated.
We collect personal information that you voluntarily provide to us when you:
- Download and create an account using the mySTAY Rewards App and website
- Make or manage a hotel reservation
- Use in-app features, such as mobile check-in, service requests, chat, payments, feedback forms
- Contact customer support
- Participate in surveys, promotions, or marketing campaigns
- Express an interest in obtaining information about us or our products and Services
Collection of Computer Data
We or our authorized service providers may use cookies, web beacons, and other similar technologies for storing information to provide you with a better, faster, safer, and personalized experience when you use the mySTAY Rewards services and/or access our digital platforms and technologies.
Cookies contain information about the web activities of the user. This allows us to understand more about your visit and help us to enhance your experience and may be used for authentication and storing website information or preferences. You are free to accept or decline cookies by modifying your browser setting to decline cookies. However, should you choose to decline cookies, you may not be able to fully experience the features of our website and app.
Web beacons are small graphic images that may be included in the services available on our website and app. These will allow us to count users who have viewed these pages, the time spent on the pages, items searched for, among others, to better understand your preference and interests so we can improve our services.
If you do not want to accept cookies from the mySTAY Rewards website and app, you can remove or reject cookies in your browser settings. If you choose to do this, please be aware that the mySTAY Rewards website and app may no longer function as intended.
2. How do we process your information?
We process your personal information for a variety of reasons, including:
- To create and manage your mySTAY account
- To manage hotel bookings, payments, and stay details
- To enable in-app features such as chat, requests, digital services, or loyalty rewards
- To send administrative messages, including reservation reminders and service updates
- To provide customer support
- To improve our Services through analytics and performance monitoring
- To send marketing or promotional offers, which you may opt out of anytime
- To enhance security, prevent fraud, and enforce our Terms & Conditions
- To comply with legal and regulatory requirements
We may also use anonymized or aggregated data for analytics, service improvements, and reporting.
3. What are our legal bases for the processing of your personal information?
We may process your personal information based on one or more of the following legal grounds:
Consent: We may process your personal information or sensitive personal information based on your explicit consent. This means that you have provided clear and voluntary permission for us to use your data for specific purposes, which you can withdraw at any time. Please note, however, that should you opt to withdraw, modify or limit the scope of consent provided, we may not be able to provide you with the services which you require.
By continuously availing of our services or by your continued use of our website and mobile application, you reaffirm the consent you have provided and authorize us to process your personal data pursuant to this Policy.
Contractual Obligation: If you have entered into an agreement with us, we may process your personal information to fulfill our obligations under that contract. This includes providing the services or products you've requested and managing the associated transactions.
Legal or Regulatory Obligation: In certain situations, we may need to process your personal information or sensitive personal information to comply with legal or regulatory requirements, such as tax regulations, or to respond to lawful requests from government authorities.
Legitimate Interests: We may process your personal information when it's necessary for our legitimate interests, provided those interests are not overridden by your rights and interests. This could include improving our services, conducting marketing activities, or ensuring the security of our systems.
4. When and with whom do we share your personal information?
We ensure that your personal information shall be shared only in a manner that respects your privacy and in compliance with the requirements of the DPA. We may share your personal information to the following in certain circumstances:
- Our Parent Company, Affiliates, and Authorized Personnel: We may share your personal information, including identifiers, contact data, and technical data, to our parent company, affiliates, and our authorized personnel in relation to the Purposes declared in this Privacy Policy. We may also share your personal information to any business or legal entity that acquires the mySTAY business, whether in whole or in part.
- Service Group: Our service group may access and/or use your personal information, including identifiers, contact data, and technical data. These may include our IT providers, data encoders, website and database hosts, advertising and marketing service providers, and those that help us with our business activities. Our service providers have confirmed that they apply appropriate data protection policies and security controls to keep your personal data safe and secured. We have also imposed contractual obligations on these service providers to ensure that they will only use your personal data to render the services agreed upon in relation to your mySTAY membership. We only share such information that is needed to provide services to you and if we stop using a third party, we require them to return, destroy or remove your information from their systems. We do not, and will not, sell your personal data.
- Government Agencies: We may also share your personal data, including identifiers, contact data, user profile data, booking information and technical data, in compliance with applicable laws or when required by a competent court, relevant government office or agency pursuant to DPA legislation and other applicable rules and regulations pertaining to data privacy.
5. What are the risks involved?
Risk is the chance that a harmful incident may happen. In the context of personal data, risk refers to the chance that someone might collect, use, disclose, or access your personal data in an unauthorized manner or in a way that may cause you harm. In order to ensure that the risks to your personal information are minimized, we employ various measures to safeguard your personal information. However, this does not guarantee protection against all threats such as when systems are exposed to targeted cyberattacks, malware, ransomware, and computer viruses or when manual records are accessed without authority. In case a security incident occurs, we’re prepared to respond and manage such incidents in line with our policies and in accordance with regulations.
Information Security
We ensure the security and protection of your personal data against risk of data loss, unauthorized access and disclosure, alteration and unlawful processing. Aside from establishing policies, rules and procedures, we also ensure that all information is secured and protected within the scope of the organization. We conduct periodic Privacy Impact Assessments to evaluate and manage the privacy implications of projects, programs and processes. We also ensure that a Personal Data Breach Management is in place.
We use various appropriate measures to safeguard your personal information. This includes but is not limited to:
- Organizational measures: appointment of Data Protection Officer, access control policy, security awareness training, among others
- Physical measures: security on data centers, card storage, biometric devices, among others
- Technical security measures: encryption, anti-virus software, among others
6. How do we handle your social logins?
Our Services offer you the ability to register and log in using your third-party social media account details, like your Facebook or Google logins. The profile information we receive may include your name, email address, friends list, and profile picture.
For more information on how these third-party social media platforms collect, use and share your personal information, you may review their respective data privacy notices and/or policies.
7. Is your information transferred internationally?
We collect, use, store, and process personal data primarily in the Philippines. Certain data processing and storage activities may be carried out using secure systems and infrastructure located outside the Philippines such as Singapore. In such cases, we ensure that appropriate safeguards are in place and that applicable data protection laws and regulations are strictly observed.
8. How long do we keep your information?
We will store your information for as long as the member retains his or her membership to the mySTAY Rewards program, or for as long as needed for us to be able to provide the relevant services to the member. MySTAY general retention policy is to retain information for 3 years from expiration or termination of membership. In some circumstances, such as to meet our legal or regulatory obligations, resolve disputes, prevent fraud and abuse, or enforce the mySTAY Rewards Terms and Conditions, we may retain your personal data beyond the 3-year period.
Disposal of Your Personal Data
Electronic files shall be erased, while physical records shall be shredded for disposal. When appropriate, anonymization techniques may be performed to permanently remove identifiable information from our records. In all cases, we will make sure that the personal information is destroyed in a way that prevents unauthorized people from accessing, processing or retrieving it.
9. Do we collect information from minors?
Our website and mobile application are intended only for persons who are at least eighteen (18) years old. We neither offer products nor services nor knowingly collect personal data of persons below eighteen (18) years old (“Minors”) without any legal basis or consent of the minor’s parent or guardian. Should we learn that we were provided with personal data of minors, we will delete the same from our database.
10. What are your privacy rights?
As data subjects, you have the following rights:
- Right to be informed. You have the right to be informed of the collection and processing of your personal data, the purpose for which they will be processed, among others. Thus, you are required to read this privacy notice before giving your consent to the collection and processing of your personal data.
- Right to object. You have the right to object to the processing of your personal data. You will be given an option or opportunity to withhold your consent to the processing of your personal data whenever we communicate with you.
- Right to access your information. It is your right to obtain confirmation on whether or not data relating to you are being processed as well as other relevant information about the processing involved.
- Right to updating or rectification. You have the right to rectify or correct any inaccuracy or error in your personal data through the app or by submitting your request for rectification or correction.
- Right to erasure or blocking. You have the right to the erasure or blocking of your personal data in accordance with the requirements of the DPA, subject to restrictions imposed by other regulations.
- Right to damages. You have the right to be indemnified if you incur damages due to inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of your personal data.
- Right to data portability. You have the right to obtain a copy of your data in an electronic or structured format if the same is processed by electronic means and in a structured and commonly used format by submitting a proper request.
- Right to file a complaint. If you have reason to believe that your personal information has been misused, maliciously disclosed, or improperly disposed of or that your data privacy rights have been violated, you have the right to file a complaint.
Account Information
If you would at any time like to review or change the information in your account or terminate your account, you can:
- Log in to your account settings and update your user account
- Use the in-app account settings
- Contact us at [email protected]
11. Do we make updates to this notice?
We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Revised" date at the top of this Privacy Notice. We may update this policy as we may deem fit or as may be necessary to comply with government regulation. We may also revise this policy to comply with the industry’s best practices or if there is a need to revamp the website to adapt to new requirements of technologies or security protocols. All changes on this policy will be posted on our official privacy policy page and on the mobile application.
12. How can you contact us for concerns regarding data privacy?
If you have questions or comments about this notice or if you would like to exercise any of your rights as data subjects or if you would like to raise concerns regarding data privacy, you may contact our Data Protection Officer at:
By email: [email protected]
By mail:
Philippines Urban Living Solutions, Inc.
6/F MYTOWN SYDNEY 3376 HARVARD ST. PINAGKAISAHAN 1213 CITY OF MAKATI NCR, FOURTH DISTRICT PHILIPPINES
We urge you to submit your inquiries, requests or concerns in writing for proper documentation and monitoring. Kindly provide our DPO with the factual background and documentary evidence. Please provide information on how we can contact you regarding your concern/inquiry or complaint.