Privacy Policy — The Version You Might Actually Read
Okay, we know. Nobody reads privacy policies. You scroll straight to the bottom, click “I agree,” and move on with your life. We get it — we do the same thing.
But if you’ve got two minutes (maybe three if you read slowly — no judgment), we wrote this one in plain language. No law school required. We’re a Bohol travel site, not a multinational corporation, so let’s keep it real.
Who We Are
We are Bohol Cebu Travel, the team behind bohol-philippines.com — an independent travel guide for Bohol and Cebu that’s been running since 2010. We’re based in the Philippines and we’re subject to Philippine privacy law, specifically the Data Privacy Act of 2012 (Republic Act No. 10173) and all subsequent issuances from the National Privacy Commission (NPC), including NPC Circular 2023-04 on personal data breach management and NPC Advisory 2024-01 on AI-assisted data processing.
We take privacy seriously. Our islands are beautiful. Your data should be, too. (Okay that metaphor doesn’t quite work but you get the idea.)
Data Controller: Bohol Cebu Travel / bohol-philippines.com
Contact: Via our Contact Page
What Information We Actually Collect
What you give us directly
When you fill out a contact form or send us a message, we collect:
- Your name
- Your email address
- Whatever you typed in the message box
That’s it. We’re not asking for your passport number, blood type, or the name of your first pet. (Though we’d probably guess “Princess” or “Brownie.”)
What your browser tells us automatically
Like every website on the internet, we collect basic technical data when you visit:
- Your IP address (which tells us roughly what country you’re from — useful for knowing our readers; not useful for finding out where you live)
- Browser type and version
- Which pages you visited and for how long
- How you got here (Google search, a link from another site, etc.)
We collect this through Google Analytics. It helps us understand what content is useful and what’s just taking up server space. We don’t see your name in any of this data — it’s all aggregated numbers.
Cookies
Yes, we use cookies. No, not the kind from your lola’s kitchen — those are better. Web cookies are small text files that websites store on your device.
Here’s what we use them for, honestly:
| Cookie Type | What It Does | Can You Turn It Off? |
|---|---|---|
| Essential cookies | Keeps the site working. Literally the lights-on cookies. | No (the site breaks) |
| Analytics cookies (Google Analytics) | Tells us how many people visited, from where, for how long | Yes, via browser settings |
| Affiliate tracking cookies | Tells our booking partners (Booking.com, Klook, etc.) that you came from us — so we get credit for the referral | Yes, but you might have to re-click our links |
| Social media cookies | Facebook, etc., if you share or like our content | Yes, via browser settings |
You can manage cookies through your browser settings on Chrome, Firefox, Safari, or Edge. Turning off essential cookies will break the site. Turning off analytics cookies means we’ll have less idea what content is useful. Turning off affiliate cookies means we might not get credit for referrals — which affects our ability to keep this site free.
We’re being honest with you here so you can make an informed decision.
Why We Collect This Information
Here’s the short version:
Contact form data → So we can reply to you. That’s the whole reason.
Analytics data → So we know which guides are actually helping people and which ones to improve or update. If 90% of readers leave our Anda guide after 30 seconds, something’s wrong — we want to know that.
Affiliate tracking → So booking platforms (GetYourGuide, Klook, Viator, Booking.com, Agoda) can attribute sales correctly and pay us the commissions that keep this site running.
We don’t sell your data. We don’t trade it. We don’t send it to random third parties. We’re a travel site, not a data broker.
Our Affiliate Relationships — Full Transparency
When you click a booking link on this site and make a reservation, a few things happen:
- The booking platform (say, Booking.com) knows you came from us, thanks to a tracking cookie
- You complete your booking directly with them — we never see your payment details
- If your booking goes through, we earn a small commission from the platform
- Your experience as a traveler is unaffected — the price you pay is the same whether you came through us or typed the URL directly
We partner with: GetYourGuide, Klook, Viator, Booking.com, Agoda, 12Go, and Airalo, among others. Each of these platforms has its own privacy policy that covers what happens after you click through to them. We recommend reading those before booking if you have specific concerns.
We don’t choose partners based on commission rates. We use platforms we’d actually recommend to a kaibigan (friend) visiting Bohol.
How Long We Keep Your Data
Contact form submissions: We keep these for as long as the conversation is relevant — typically no more than three years unless there’s an ongoing matter.
Analytics data: Google Analytics retains individual session data for 26 months by default. We use aggregated (non-personal) data for longer to track site trends over time.
Affiliate tracking cookies: 30–90 days depending on the platform, after which they expire automatically.
We don’t hoard data we don’t need. That’s bad practice and also just untidy.
Your Rights Under Philippine Law
Under the Data Privacy Act of 2012 (RA 10173) and its Implementing Rules and Regulations, you have the following rights:
Right to be informed — You’re reading it. ✓
Right to access — You can ask us what personal data we hold on you. We’ll tell you within 30 days.
Right to rectification — If we’ve got something wrong, we’ll fix it.
Right to erasure — You can ask us to delete your data. We’ll do it unless we have a legal reason to keep it (like accounting records for a transaction).
Right to object — You can tell us to stop processing your data for certain purposes, like if you signed up for updates and now you don’t want them anymore.
Right to data portability — You can ask for a copy of your personal data in a usable format.
Right to damages — If we mess up and it causes you harm, you have the right to seek compensation under Philippine law.
To exercise any of these rights, contact us through the Contact page. We’ll respond within 30 days.
If you’re not satisfied with our response, you can also file a complaint with the National Privacy Commission:
National Privacy Commission
5th Floor, Philippine International Convention Center
Vicente Sotto Avenue, Pasay City 1308
Email: info@privacy.gov.ph
Phone: +63 2 8234-2228
Data Breaches — What We’d Do If Something Went Wrong
We implement reasonable security measures: SSL/TLS encryption, access controls, and regular software updates. But we’ll be honest — no website can guarantee 100% security. The internet is what it is.
In the event of a data breach affecting your personal information, we will:
- Notify the National Privacy Commission within 72 hours of discovering the breach (as required by NPC Circular 2023-04)
- Inform you directly, without unnecessary delay, if the breach poses a real risk to your privacy
- Take immediate steps to contain and mitigate the damage
We hope we never have to use that protocol. But we’ve thought it through.
Children’s Privacy
Our site is not intended for anyone under 18. We don’t knowingly collect data from minors. If you’re a parent and you believe your child has submitted information to us, contact us and we’ll delete it immediately.
Links to Other Sites
Our guides link to a lot of external sites — booking platforms, ferry operators, airline pages, and more. Once you click through to those sites, their privacy policies apply, not ours. We’re not responsible for how third parties handle your data. Check their policies before handing over personal information.
Updates to This Policy
We’ll update this policy if our practices change or if new regulations require it. The “Last Updated” date at the top of this page will always reflect the most recent version.
We won’t send you an email every time we fix a typo. But if we make a material change — something that actually affects your rights or how we handle data — we’ll post a notice on the site.
The Boring Legal Bit (That We’ve Already Explained in Plain Language Above)
For the record: we process personal data under the legal bases established by RA 10173, specifically:
- Consent (contact form submissions, analytics opt-in)
- Legitimate interest (analytics to improve site quality)
- Contractual necessity (affiliate commission tracking)
We comply with NPC Circular 2016-01 (security of personal data), NPC Circular 2017-01 (privacy impact assessment), and NPC Circular 2023-04 (breach management). If you’re a privacy professional checking our compliance, hello — and yes, we have an internal privacy impact assessment on file.
Questions?
Use the Contact page. We’re real people. We’ll reply.
Salamat for reading this far. You’re officially one of the good ones.