PRIVACY POLICY

Privacy Statement

At NUSTAR RESORT & CASINO (“NUSTAR”), operated by Universal Hotels and Resorts Inc. (UHRI), we are committed to protecting your privacy. We recognize the importance of handling your personal data responsibly, with discretion and accountability. Any personal data you provide to us, or that we collect during your interactions with us, will be handled with the highest standards of security and confidentiality.

In handling your personal data, we adhere to the principles of the Data Privacy Act of 2012, its implementing rules and regulations, and other relevant policies and issuances of the National Privacy Commission. Furthermore, we strive to align our data protection practices with internationally recognized standards.

 

Coverage of this Privacy Policy

This Privacy Policy details the personal data that we collect and explains how we process this information. It also affirms your rights as a data subject and provides guidance on how you may exercise these rights through our Data Protection Office.

This Policy applies to all forms of personal data, whether digital, written, or verbal, that are collected, maintained, used, shared, or otherwise processed by NUSTAR. This encompasses data gathered through our physical premises, digital platforms (such as websites, apps, or social media), communication channels, and transactions or engagements with any of our services, whether processed manually or through automated systems.

 

Why is Your Personal Data Being Processed

Your personal data is collected, used, stored, retained, disclosed, disposed of, and otherwise processed for specific purposes.

We process the personal data we collect based on how you interact or transact with us, which may include the following:

For prospective hires, team members, or independent professionals

  • To evaluate and process employment applications;
  • To administer and manage various employment-related functions. These include, but are not limited to:
    • Payroll processing and the maintenance of compensation and benefits records;
    • Administration of employee benefits such as health maintenance organization (HMO) coverage, including the enrolment of eligible dependents;
    • Performance evaluations and related human resource development initiatives;
    • Compliance with relevant laws, including those mandated by the Labor Code, Philippine Amusement and Gaming Corporation (PAGCOR) and the Anti-Money Laundering Council (AMLC);
    • Conducting background checks and employment verifications as part of due diligence;
    • Organizing employee engagement activities, training and development programs;
    • Managing the offboarding process for resigning or terminated employees, including exit interviews and clearance procedures; and
    • Processing of legislated benefits and fulfill tax documentation and reporting requirements, including withholding and remittance of taxes, as mandated by laws;
  • To manage and control access to various premises within the property; and
  • Other lawful and relevant purposes necessary for the effective management of the employer-employee relationship.

For current and prospective members of NUSTAR Rewards Club and Membership

  • To register and manage your membership in the NUSTAR Rewards Club by creating and maintaining your account, verifying your identity, and processing any updates to your membership status or tier;
  • To track your participation in the rewards program by earning and redeeming points, managing your benefits, and notifying you of available rewards or changes to your membership status;
  • To analyze your preferences, purchase history, and engagement in order to provide tailored offers, discounts, and promotions relevant to your interests;
  • To send you updates about your membership, such as point balances, special promotions, program changes, and exclusive events or experiences;
  • To respond to your questions, feedback, or concerns related to your membership or rewards, and to provide general assistance;
  • To include you in marketing campaigns, surveys, contests, or promotions, if you have consented to receive such communications;
  • To analyze participation trends and member feedback in order to evaluate and improve the rewards program and membership offerings; and
  • To comply with applicable laws and regulations and to detect and prevent fraudulent or unauthorized use of the rewards program.

For hotel guests, customers, players and patrons

  • To facilitate you registration within our booking and reservation system;
  • To confirm your identity and complete your booking and registration process;
  • To deliver personalized services such as housekeeping, concierge, room service, wellness facilities, and other amenities during your stay;
  • To handle transactions, issue invoices, process payments, and manage any deposits or charges associated with your stay;
  • To address inquiries, respond to requests or concerns, and deliver a satisfying guest experience;
  • To link your stay with any membership or rewards program you participate in, enabling you to earn or redeem benefits;
  • To send you promotional offers, newsletters, or event invitations relevant to your preferences and stay history, if you have opted in to receive them;
  • To ensure the safety and security of individuals, and property, including through the use of surveillance systems, visitor logs, and incident reporting;
  • To gather feedback after your stay, to assess guest satisfaction and improve the quality of services offered; and
  • To comply with our legal obligations and requirements;

For external contractors/service providers

  • To assess your eligibility as a contractor;
  • To create and manage contracts, including tracking terms, changes, and performance metrics;
  • To process payments, manage billing and invoicing and maintain financial records in accordance with contractual agreements;
  • To comply with applicable laws, regulatory obligations, and internal policies;
  • To manage physical or digital access to company premises, systems, or data; and
  • To address any disputes, enforce contractual rights, or defend against legal claims related to the contractor relationship

For individuals who engage in activities related to NUSTAR’s events and promotional efforts

  • To register you for events, manage attendance, and provide event-related updates;
  • To communicate with you before, during, and after events, including sending reminders, follow-ups, and relevant information;
  • To send promotional materials, newsletters, and information about future events, products, or services that may be of interest to you;
  • To document and promote the event through video recordings or photographs in which you may be identifiable. This content may be used to share highlights through our official channels, enhance brand engagement, and maintain an event archive;
  • To tailor content and communications based on your preferences or previous interactions, enhancing your overall experience;
  • To collect feedback through surveys or other means in order to evaluate and improve future events and marketing efforts; and
  • To maintain records for internal purposes and comply with applicable legal or regulatory requirements related to event participation and marketing communications.

For individuals or entities leasing space, operating retail outlets, or participating as product/service exhibitors

  • To collect and evaluate your eligibility as a lessee, retailer, or exhibitor;
  • To prepare, negotiate, and finalize lease or rental agreements;
  • To manage rental or leasing payments, issue invoices, handle deposits or fees, and maintain financial records for accounting and audit purposes;
  • To ensure compliance with internal policies and applicable laws, such as business permits, safety standards, tax regulations, and contractual obligations;
  • To provide appropriate access to leased or event spaces and monitor activities for the safety and security of all parties;
  • To include your business or participation in promotional materials, event listings, or directories, subject to your consent where required; and
  • To address any concerns, complaints, or issues that arise during your tenancy or participation and provide operational support throughout your engagement.

For individuals accessing our applications via mobile devices or web browsers

  • To collect personal information required for registering and maintaining your user account;
  • To provide you with access to core features and functionalities of the application, such as booking services, viewing transactions, managing your profile, or receiving updates and notifications;
  • To verify your identity, protect your account, prevent unauthorized access, and detect fraudulent activities through security features such as passwords, multi-factor authentication, and device recognition;
  • To tailor content, features, and recommendations based on your usage behavior, preferences, and interaction history, enhancing usability and relevance;
  • To collect technical and usage data (e.g., device type, operating system, app version, crash logs) to monitor app performance, identify issues, and deliver timely troubleshooting or updates;
  • To send important service-related messages, alerts, and promotional content (with your consent), such as booking confirmations, reminders, special offers, and app updates;
  • To analyze how users interact with the app or website, enabling us to improve design, functionality, and user experience through insights gained from aggregated data;
  • To ensure compliance with applicable laws and regulations, including data protection laws, and to maintain records for audits or investigations if necessary; and
  • To deliver targeted advertisements or promotional messages within the app or through connected channels, based on your interests and consent preferences.

 

What Personal Data We Collect

We may collect a range of personal data from you, either directly or automatically, depending on your interaction with us. The types of personal data we may collect include, but are not limited to, the following:

 

Basic Identification Details

This includes your full name, date of birth, email address, residential address, contact numbers, nationality, and identification documents such as a passport or any government-issued ID.

 

Payment and Transaction Data

Information related to your purchases and transactions with us, including payment card details, billing history, and transaction records.

 

Loyalty and Rewards Program Information

Details related to your membership in rewards or loyalty programs that we manage or are affiliated with, including membership numbers, points accrued, and usage history.

 

Travel and Accommodation Preferences

Information regarding your travel plans and preferences, such as flight arrival and departure times, preferred room types, requested amenities, and any special services you have requested or received during your stay.

 

Automatically Collected Technical and Usage Data

Aggregated data collected through digital interactions, such as your device’s IP address, location data, browser type, access times, and activity on our website or online platforms (e.g., pages visited, links clicked, and traffic patterns).

 

Employment-Related Data 

For job applicants, employees, or contractors, we may collect employment-related information such as:

  • Job application details, CV/resume, employment history, educational background, and references;
  • Government-issued identification numbers (e.g., social security, tax ID);
  • Work schedule, attendance, and leave records;
  • Performance reviews, training records, and disciplinary actions;
  • Compensation and benefits information; and
  • Emergency contact details and relevant health or medical information where necessary and lawful

 

Surveillance and Security Data

Visual recordings or images captured through our closed-circuit television (CCTV) systems or surveillance cameras installed on our premises, used for security, safety, and incident reporting purposes which may include identifiable images of individuals in public or monitored areas.

 

How We Collect Personal Data

We collect your personal data through various channels, depending on how you interact or transact with us. This may occur directly from you or through third parties acting on your behalf. Specifically, personal data may be collected when you:

 

Book a Stay or Inquire About Reservations

When you make a booking at any of our hotels or request information about room availability and rates, either in person, through our website, or via third-party booking platforms.

 

Visit Our Website or Social Media Channels

When you browse our official website (e.g., www.nustar.ph) or engage with us on social media platforms, we may collect data through cookies, web forms, or your interaction with posted content.

 

Contact Us Through Various Communication Channels

When you complete application or registration forms, send emails or letters, or speak with our representatives via phone calls or in-person conversations.

 

Enter Our Premises or Attend Events

When you visit our facilities, offices, projects, or events, we may collect data through visitor logs, registration forms, or security systems such as surveillance cameras (CCTV).

 

Participate in Surveys, Contests, or Promotions

When you take part in customer feedback surveys, raffles, loyalty programs, or promotional events, whether online or on-site.

 

Are Referred by Agents or Business Partners

When we receive your information through third-party referrals, including travel agents, service providers, corporate accounts, or affiliated business partners, as part of a transaction or agreement.

 

Register for the NUSTAR Rewards Club Membership

When you voluntarily sign up for our rewards or loyalty programs, either digitally or in person.

 

Submit Employment Applications

When you apply for a job with us, either through online platforms, direct submission to our HR department, or via recruitment agencies

 

Third-Party Links and Sites

Our website or services may contain links to third-party websites, products, or services that are not operated or controlled by us. We are not responsible for the privacy practices, content, or policies of these third parties. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy notice of every site you visit.

The inclusion of these links does not imply our endorsement or affiliation with those third parties. Your interactions with any third-party websites are governed by their own terms and policies, and we encourage you to exercise caution and review those documents before providing any personal information.

 

How Your Personal Data May Be Shared

NUSTAR may share the personal information you provide with its subsidiaries, affiliates, and related companies. Such information will be shared strictly for the purpose of enabling those entities to conduct promotional, marketing, or campaign-related communications regarding their own goods or services. We see to it that these companies are bound by privacy obligations consistent with this Privacy Notice.

Except as outlined above, NUSTAR does not sell, rent, or otherwise disclose your personally identifiable information to third parties for their independent marketing or commercial purposes.

We may disclose your personal information to third parties under the following limited circumstances:

 

To Provide Services You Have Requested

We may share your information with trusted third-party service providers, partners, or contractors when it is necessary to fulfill your request for a product, service, or transaction.

 

Legal Obligations

We may disclose your information in response to valid legal requests such as subpoenas, court orders, or other legal processes, or as otherwise required by law.

 

Compliance with Regulatory Requirements

We may share your information with regulatory or government authorities when necessary to comply with applicable laws, regulations, or reporting obligations. This may involve disclosures to the Anti-Money Laundering Council (AMLC), the Philippine Amusement and Gaming Corporation (PAGCOR), other relevant regulatory bodies, departments and bureaus of the government, as well as law enforcement and other authorized agencies.

 

Enforcement of Policies and Protection of Rights

We may disclose your information if we believe it is necessary to enforce our Terms and Conditions, protect the rights, property, or safety of NUSTAR, our guests, staff, or others, or to investigate and prevent fraud or other illegal activities.

 

In all cases, NUSTAR limits the disclosure of your personal data to only what is necessary and ensures appropriate safeguards are in place to protect your privacy.

 

How We Protect Your Personal Data

We have put in place a comprehensive set of physical, technical, and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction.

 

Our data protection framework includes the following safeguards:

  • Our facilities are secured through controlled access systems, surveillance monitoring, and restricted access to areas where personal data is stored or processed.
  • We use industry-standard security technologies, such as firewalls, encryption protocols, intrusion detection systems, and secure servers, to protect digital data. Personal data transmitted to and from our systems is encrypted using secure communication channels.
  • Access to personal data is strictly limited to authorized personnel who require it for the purposes described in this Privacy Notice. These individuals are subject to confidentiality obligations and undergo regular privacy and security training.
  • Vendor and Partner Oversight: Any third-party service providers or business partners that process personal data on our behalf are required to implement equivalent security measures and are contractually bound to comply with applicable data protection laws.
  • We only collect and retain personal data that is necessary for the purposes outlined in this notice, and we securely dispose of it when it is no longer needed.

 

How Long Is Your Personal Data Retained

We retain your personal data only for as long as necessary to fulfill the specific, legitimate purposes for which it was originally collected, whether to deliver guest services, enhance your overall guest experience, comply with legal obligations, or support our operational and business functions. We apply rigid retention policies to ensure your data is not kept longer than needed and is securely disposed of once its purpose has been fulfilled.

We follow a data retention schedule that defines how long different categories of personal data are kept. Once the retention period has expired, or when your personal data is no longer required for the above purposes, it will be securely disposed of through industry-standard deletion or anonymization procedures.

Retention periods may vary depending on the type of data and applicable regulatory requirements, but we always strive to ensure that personal data is not kept longer than necessary. For instance:

  • Guest records and transaction histories may be retained for a minimum of five (5) years as required by financial or audit regulations.
  • CCTV footage may be retained for a shorter period (e.g., 30 to 90 days) unless extended due to an ongoing investigation or legal requirement.
  • Marketing consent and preferences are retained until you withdraw your consent or request deletion, subject to our legal obligations.

Should you wish to inquire about the specific retention period applicable to your personal data, or request its deletion, you may contact our Data Protection Officer (DPO) through the contact details provided in this Privacy Notice.

 

Amendments to this Privacy Policy

NUSTAR reserves the right to modify, amend, or replace this Privacy Policy at our sole discretion, in whole or in part, at any time.

In cases where changes are significant or materially affect your rights, we may also notify you through additional means, such as email communication, app notifications, or on-property signage within the NUSTAR premises.

We encourage you to review this Privacy Policy regularly to stay informed about how we collect, use, share, and safeguard your personal information across all facets of NUSTAR including but not limited to our hotel accommodations, casino operations, dining outlets, retail experiences, wellness facilities, loyalty programs, and event venues.

Your continued use of our services, facilities, website, mobile applications, or participation in our loyalty or guest programs following the posting of changes constitutes your acceptance of those changes.

 

Your Rights as a Data Subject

We fully acknowledge and uphold your rights as a data subject under the Data Privacy Act of 2012. These rights are as follows:

  1. Right to be informed;
  2. Right to reasonable access;
  3. Right to object;
  4. Right to rectification;
  5. Right to erasure or blocking;
  6. Right to damages;
  7. Right to data portability; and
  8. Right to lodge a complaint with the National Privacy Commission (NPC).

However, there are certain circumstances where the exercise of these rights may be lawfully restricted in order to safeguard legitimate operational, legal, contractual, or public interests.

These limitations are in place to uphold a fair balance between individual rights and business or regulatory responsibilities.

While we strive to provide transparency, we may be limited from disclosing certain information where disclosure could compromise confidential or proprietary business information. Similarly, your right to access personal data may be limited if fulfilling the request would infringe on the rights of other individuals, involve confidential or legally privileged information, or if the request is excessive or vexatious.

The right to object does not apply where data processing is required by law (e.g., for anti-money laundering, gaming regulations, or public safety), necessary for the fulfillment of contractual obligations, or for the establishment of legal claims.

The right to erasure may be declined if data is needed for legal compliance, public health, or regulatory reporting purposes.

Requests for rectification may be restricted when the data is already accurate or pertains to subjective business assessments such as customer profiling or service preferences.

The right to data portability applies only to data processed through automated means and where transfer is technically and legally feasible.

While you are always entitled to file a complaint, such complaints must be made in good faith and substantiated by facts.

Lastly, the right to be indemnified for damages requires clear proof of harm and is subject to legal evaluation.

 

Contact Our Data Protection Office

If you have any questions about how we collect, use, store, or share your personal data or if you wish to exercise your rights under the Data Privacy Act of 2012, such as requesting access, correction, erasure, or lodging a privacy-related concern we’re here to help.

Please reach out to our dedicated Data Protection Office through the following channels:

 

Office:

Data Protection Office –

UNIVERSAL HOTELS AND RESORTS INC.

NUSTAR RESORT AND CASINO, KAWIT ISLAND, SOUTH ROAD PROPERTIES, MAMBALING, CEBU CITY

 

Email:

dpo@nustar.com.ph

 

Office Hours:

Monday to Friday

8:00 AM – 6:00 PM (excluding holidays)

 

Our team is committed to responding to your inquiries in a timely, respectful, and secure manner, in accordance with applicable data privacy laws.

 

As of August 6, 2025