Discover mobile application

Privacy Policy

This policy explains how DOST VII collects, uses, stores, shares, protects, and disposes of personal data when you use Discover: Events Hub and its connected event services.

Effective June 22, 2026 Last updated July 11, 2026 Philippines

1. Scope and personal information controller

Department of Science and Technology Regional Office VII (DOST VII) operates Discover: Events Hub as an event companion for discovering events, participant registration, attendance, programs, forums or sub-events, exhibitor activities, audience Q&A, feedback, certificates, rewards, and related support.

This policy applies to the mobile app, its backend services, and public event pages that directly support these functions. DOST VII acts as the personal information controller for data processed through these services, subject to applicable arrangements for a specific event.

2. Personal data we collect

The information collected depends on the services you use and may include:

  • Account data: first name, optional middle initial, last name, email address, password hash, account status, consent records, and account timestamps.
  • Participant profile: contact number, sex, senior citizen or PWD indicator, institution or organization, and position or designation.
  • Event records: pre-registration, registration, forum or sub-event participation, check-in and attendance timestamps, participation type, QR tokens, signatures when required, and registration status.
  • Exhibit and reward activity: booth visits, QR scans, favorites, quiz answers and scores, quest progress, claim status, and related verification logs.
  • Feedback and Q&A: ratings, comments, suggestions, selected feedback target, questions, moderation status, and whether a question is displayed anonymously.
  • Certificate information: participant name, eligible event or sub-event, issuance details, and certificate access records.
  • Account recovery and support: password-reset tokens and expiry, delivery status, support correspondence, and information needed to verify a request.
  • Technical data: server request information, device notification token and preferences when notifications are enabled, app version/build information, and diagnostic or security logs needed to operate the service.
Passwords: the service stores password hashes, not readable plain-text passwords. Never send your password by email or support message.

3. Device permissions and app features

Camera

Camera permission is requested when you choose a QR scanning feature, such as attendance, exhibit visits, registration codes, or reward claims. The app does not use the camera for background monitoring.

Notifications

If you allow notifications, the app may store a device notification token and your preferences to deliver event updates, reminders, and certificate alerts. You can change notification permission in your device settings.

Maps, external pages, and files

The app may open embedded maps, program files, certificates, social pages, and other event links. Those services may receive standard connection data and apply their own privacy policies.

4. How we use personal data

  • Create, authenticate, maintain, support, and secure participant accounts.
  • Register participants and synchronize eligible existing event records.
  • Verify attendance, forum participation, exhibitor visits, quest completion, reward claims, feedback eligibility, and certificate eligibility.
  • Show personalized event information, registrations, QR codes, progress, favorites, and certificates.
  • Moderate audience questions and prevent spam, abuse, explicit content, fraud, and unauthorized use.
  • Send requested password-reset messages, event notifications, reminders, and service communications.
  • Produce event administration, attendance, monitoring, audit, and official reporting outputs.
  • Diagnose errors, maintain service reliability, improve events, and respond to support or privacy requests.

When you choose Ask anonymously, your name is hidden from the host and audience display. The service may still retain an internal account association where needed for moderation, security, and abuse prevention.

5. Basis for processing

Depending on the activity, processing may be based on your consent, your request to register for or participate in an event, DOST VII's lawful mandate and public functions, compliance with legal or records-management obligations, and legitimate operational or security needs consistent with applicable Philippine data protection law.

Where consent is required, you may withdraw it, but some account, registration, attendance, certificate, reward, or communication features may then become unavailable.

6. When information is shared

We do not sell personal data. Information may be accessed or disclosed only as reasonably necessary to:

  • Authorized DOST VII personnel, event administrators, organizers, and support staff responsible for registration, attendance, moderation, reporting, certificates, and rewards.
  • Infrastructure, hosting, email, notification, mapping, document-viewing, or other service providers that process limited information to deliver their service.
  • Partner offices or event organizers where needed for the event you joined and subject to appropriate authority and safeguards.
  • Government, regulatory, investigative, or legal authorities when required by law, lawful order, official process, security, or protection of rights.

7. Storage and security

We apply reasonable administrative, physical, and technical safeguards appropriate to the service, including authenticated access, password hashing, role-based administrative access, database controls, validation, and secure production communications.

The app may also store a limited session, preferences, cached event data, and update-notice state on your device. Signing out or clearing the saved session removes applicable local session data. No online system can guarantee absolute security, so users should protect their credentials and report suspected misuse promptly.

8. Retention

Personal data is retained only for as long as reasonably necessary for the stated event purpose, account services, checked-in attendance, official reporting, certificates, rewards, audit, security, dispute handling, records management, and applicable legal obligations.

Retention periods may vary by record type and event. When identifiable information is no longer required, it is deleted, anonymized, or securely archived in accordance with applicable requirements.

9. Account and data deletion

You can schedule deletion in the app under Profile > Delete account. After password confirmation, the account is disabled immediately and scheduled for deletion after 15 days.

You can also request deletion without the app by following the public account deletion instructions. During the 15-day waiting period, contact support if the request was made by mistake and you want the account restored.

Some checked-in attendance, certificate, audit, official reporting, security, or legally required records may be retained or anonymized after account deletion. The retained information is limited to what remains necessary for those purposes.

10. Your privacy rights

Subject to the Data Privacy Act of 2012, its implementing rules, verification, and applicable exceptions, you may request information about processing, access, correction, updating, objection, restriction or blocking, deletion, withdrawal of consent, and data portability where applicable. You may also raise a concern with the National Privacy Commission.

To protect users, we may ask for reasonable information to verify identity and authority before acting on a request.

11. Children's privacy

The app is intended for event participants and is not designed specifically for children. If an event permits minors, the organizer and responsible adult must ensure that appropriate authority, notice, and consent requirements are satisfied. Contact us if you believe a minor's data was submitted without proper authority.

12. Changes to this policy

We may revise this policy when app features, event operations, service providers, or legal requirements change. The revised version will be posted on this page with an updated date. Material changes may also be communicated through the app or another appropriate channel.

13. Contact us

For privacy concerns, access or correction requests, account deletion, or questions about this policy, contact DOST VII through either address: