This Privacy Policy describes our privacy practices at ACX Outsourcing Hub.


This ACX Outsourcing Hub Privacy Policy applies to


ACX Outsourcing Hub and its affiliates/covered entities (collectively, “ACX Outsourcing Hub”, “we”, or “our”) have created this Privacy Policy to describe how we collect, use, and disclose information. This Privacy Policy applies to ACX Outsourcing Hub’s online sevices and solutions (collectively, the “Services” and “Solutions”).

ACX Outsourcing Hub affiliates/covered entities include ACX Studio and ACX CoWorking.

ACX Outsourcing Hub is a digital marketing agency based in the Philippines with a physical office found at the 2nd floor of the FBK Building on A. Del Rosario Street in Mandaue City, Cebu 6014.

We are thrilled that you are interested in our business. The management of ACX Outsourcing Hub places a high value on data security. The use of ACX Outsourcing Hub’s website is possible without any indication of personal data; however, if a data subject wishes to utilize particular services and solutions via our website, personal data processing may become necessary. If we need to handle personal data and there is no legislative basis for doing so, we usually get consent from the data subject.

Personal data, such as the name, address, e-mail address, and telephone number of a data subject, must always be treated in accordance with the General Data Protection Regulation (GDPR) and any applicable country-specific data protection regulations. Through this data protection declaration, our organization would like to inform the general public about the nature, scope, and purpose of the personal data we collect, use, and process. In addition, this data protection declaration informs data subjects of the rights to which they are entitled.

ACX Outsourcing Hub, in its capacity as data controller, has implemented a number of technical and organizational protections to provide the highest level of protection for personal information gathered via this website.

  1. Definitions

The general public, as well as our customers and business partners, should be able to read and understand our data protection declaration. To ensure this, we’d like to first define the terms.

We use the following terminology in our data protection notice, among others:

  1. Personal Data 

Any information belonging to an identified or identifiable natural person (“data subject”) is considered personal data. An identifiable natural person is one who can be identified, directly or indirectly, through the use of an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to that natural person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

  1. Data Subject 

Any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing is referred to as a data subject.

  1. Processing

Collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction are all examples of processing.

  1. Solutions and Services

These are alternatives that help your company’s online presence. It could be digital marketing, website design, social media management, Search Engine Optimization, etc.

  1. Name and Address of the Business

ACX Outsourcing Hub is a digital marketing agency based in the Philippines that works with businesses worldwide; helping them create a strong brand in the digital space. 

It is situated on the 2nd floor of the FBK Building on A. Del Rosario Street in Mandaue City, Cebu 6014. It is open Monday through Friday from 1:00 PM to 9:00 AM and can be reached at (888) 506-8113 US Toll Fee or (032) 345-8138 PH Toll Fee. 

Its website is

  1. Cookies

The ACX Outsourcing Hub’s website uses cookies. Cookies are text files that are stored in a computer system via an Internet browser.

Cookies contain a unique identifier. A cookie ID is the cookie’s unique identifier. It is a character string that allows Internet sites and servers to be allocated to the Internet browser in which the cookie was saved. This enables visited Internet sites and servers to distinguish the data subject’s specific browser from other Internet browsers that include other cookies. Using the unique cookie ID, a certain Internet browser may be detected and identified.

ACX Outsourcing Hub can deliver more user-friendly services to this website’s visitors by using cookies, which would not be possible without the cookie setting.

The content and offers on our website can be optimized with the user in mind using cookies. Cookies enable us to recognize our website visitors, as previously stated. This recognition is intended to make it easier for consumers to use our website.

  1. Registration on Our Website

The data subject may register on the controller’s website by submitting personal information. The registration input mask defines which personal data are sent to the controller. Personal information about the data subject is collected and stored only for the controller’s internal use and for his own reasons. The controller may request that personal data be transferred to one or more processors (such as a delivery service) who also use the data for an internal purpose attributable to the controller.

The data subject’s registration, which includes the voluntary disclosure of personal data, is intended to allow the controller to offer the data subject information or services that, due to the nature of the problem at hand, may only be provided to registered users. Individuals who have registered may change or remove their personal information from the controller’s database at any time.

The data controller shall inform each data subject, upon request, regarding the personal data kept about the data subject at any time. Furthermore, if there are no statutory storage obligations, the data controller shall correct or erase personal data at the request or indication of the data subject. In this regard, the controller’s entire staff is available to the data subject as contact persons.

  1. Subscription to Our Newsletters

Users can subscribe to the business’ newsletter by visiting the ACX Outsourcing Hub website. The input mask used for this purpose controls which personal data are communicated as well as when the controller sends the newsletter.

The business sends out a newsletter to its consumers and business partners on a regular basis with information regarding enterprise offerings. The data subject may only get the enterprise’s newsletter if (1) the data subject has a valid e-mail address and (2) the data subject registers for newsletter delivery.

For legal reasons, a confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter shipment in the double opt-in method. This confirmation e-mail is needed to verify that the data subject, the owner of the e-mail address, is allowed to receive the newsletter.

  1. Newsletter-Tracking

ACX Outsourcing Hub’s newsletter contains so-called tracking pixels. A tracking pixel is a small image included in HTML-formatted e-mails that allows log file recording and analysis. This enables statistical evaluation of the success or failure of internet marketing operations. ACX Outsourcing Hub can observe if and when an e-mail was opened by a data subject, as well as which links in the e-mail were clicked by data subjects, using the embedded tracking pixel.

  1. Contact Possibility Via the Website

The website offers quick chat interaction and direct connection, which also includes a general address of the so-called electronic mail (e-mail address) and telephone numbers in the company info. The controller stores the personal data sent by data subjects via email or contact forms. No third parties receive this personal info.

  1. Rights of the Data Subject

  1. Right of Confirmation

The European legislator gives data subjects the right to ask the controller if their personal data are being processed. Data subjects can contact any controller employee to exercise this right of confirmation.

  1. Right of Access

Each data subject shall have the right granted by the European legislator to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  • the purposes of the processing;

  • the categories of personal data concerned;

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;

  • the existence of the right to lodge a complaint with a supervisory authority;

  • where the personal data are not collected from the data subject, any available information as to their source;

  • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Furthermore, the data subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organization. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

If a data subject wishes to avail himself of this right of access, he or she may, at any time, contact any employee of the controller.

  1. Right to Rectification

Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

If a data subject wishes to exercise this right to rectification, he or she may, at any time, contact any employee of the controller.

  1. Right to Erasure

Each data subject has the right to have personal data concerning him or her erased without undue delay, and the controller is obligated to erase personal data without undue delay if one of the following grounds applies, as long as the processing is not necessary:

  • Personal data is no longer required for the purposes for which it was collected or otherwise processed.

  • Personal information was unlawfully processed.

  • Personal data must be destroyed in order to comply with a legal obligation imposed by Union or Member State law on the controller.

  • The personal data were gathered in connection with the provision of information society services, as defined in Article 8(1) of the GDPR.

If any of the aforementioned reasons apply and a data subject chooses to request the deletion of personal data kept by ACX Outsourcing Hub, he or she may contact any employee of the controller at any time. An employee of the said company must immediately ensure that the erasure request is met.

Where the controller has made personal data public and is required by Article 17(1) to erase the personal data, the controller shall take reasonable steps, including technical measures, to inform other controllers processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, as far as processing is concerned. In each scenario, an ACX Outsourcing Hub employee will organize the necessary procedures.

  1. Right of Restriction of Processing

Each data subject has the right provided by the European legislature to demand from the controller a restriction of processing in the following circumstances:

  • The data subject contests the accuracy of the personal data for a period allowing the controller to verify the accuracy of the personal data.

  • The processing is illegal, and the data subject opposes erasure of personal data and instead wants that their use be restricted.

  • The controller no longer requires personal data for the purposes of processing, but the data subject requires them for the establishment, exercise, or defense of legal rights.

  • The data subject has objected to processing in accordance with Article 21(1) of the GDPR, pending verification of whether the controller’s legitimate reasons outweigh those of the data subject.

If one of the aforementioned circumstances is met, and a data subject wishes to request that the processing of personal data held by ACX Outsourcing Hub be restricted, he or she may contact any employee of the controller at any time. The processing will be restricted by our employee.

  1. Right to Data Portability

Each data subject has the right, granted by the European legislator, to receive the personal data provided to a controller in a structured, frequently used, and machine-readable format. He or she shall have the right to transmit those data without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried

In addition, in exercising his or her right to data portability under Article 20(1) of the GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible and where doing so does not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject may contact any ACX Outsourcing Hub employee at any time.

  1. Right to Object

The European legislator grants each data subject the right to object, on grounds relevant to his or her particular situation, at any time, to the processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to the creation of profiles based on these provisions.

In the event of an objection, ACX Outsourcing Hub will cease processing the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

  1. Automated Individual Decision-making, Including Profiling

Each data subject has the right granted by the European legislator not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning him or her or otherwise significantly affects him or her as long as the decision (1) is not required for entering into or performing a contract between the data subject and a data controller, or (2) is not authorized by Union or Member State law to which the data subject is subject.

  1. Right to withdraw data protection consent

The European legislator has provided each data subject the right to withdraw his or her consent to the processing of his or her personal data at any time.

If the data subject wishes to exercise his or her right to withdraw consent, he or she may do so at any time by contacting any ACX Outsourcing Hub employee.

  1. Data protection provisions about the application and use of Google Analytics (with anonymization function)

The controller has included a Google Analytics component on this website (with the anonymizer function). Google Analytics is a service for web analytics. A web analysis service collects information such as the website from which a visitor came (the referrer), which sub-pages were visited, and how frequently and for how long a sub-page was viewed.

The Google Analytics component’s aim is to analyze the traffic on our website. Google uses the acquired data and information to analyze the use of our website and to create online reports that indicate the activities on our websites, as well as to provide us with other services related to the use of our Internet site.

Google Analytics puts a cookie on the data subject’s information technology system. The definition of cookies has already been described. Google is able to assess the use of our website thanks to the cookie. With each visit to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component has been integrated, the Internet browser on the data subject’s information technology system will automatically submit data to Google for the purposes of online advertising and commission settlement. During the course of this technical procedure, the firm Google obtains personal information, such as the data subject’s IP address, which allows Google to recognize the origin of visitors and clicks and, as a result, build commission settlements.

The cookie is used to store personal information such as the time of access, the location from which the access was made, and the frequency with which the data subject visits our website. Such personal data, including the IP address of the data subject’s Internet connection, will be communicated to Google in the United States of America with each visit to our Internet site. Google stores this personal data in the United States of America. Google may disclose the personal information gathered through the technological technique to third parties.

As previously stated, the data subject may prevent the setting of cookies through our website at any time by adjusting the web browser used and so permanently denying the setting of cookies. A change to the Internet browser used would likewise prevent Google Analytics from establishing a cookie on the data subject’s information technology system. Furthermore, Google Analytics cookies can be erased at any moment using a web browser or other software tools.

Furthermore, the data subject has the option of objecting to a collection of data generated by Google Analytics that is related to the use of this website, as well as the processing of this data by Google and the ability to prevent such processing.

  1. Period for Which the Personal Data Will Be Stored

For our business to function, it is necessary to retain and process specific information. Data will be stored with a purpose, will be deleted or will be anonymized when data is no longer required.

Additionally, data is stored securely within our organization, unless there is an agreement to process their data e.g receive newsletter and future promotions. Their data then will be transferred to a data processor such as a CRM tool. This would mean that the lifespan of their data from creation to deletion stays there. The period of retention is for agreement purposes only. If the data subject does not agree, then our standard retention years would be 10 years.

As stated in Policy #8, Section D, each data subject has the right to have his or her personal data erased without undue delay, and the controller is required to erase personal data without undue delay.

  1. Provision of personal data as a statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data.

We clarify that providing personal data is either mandated by law (e.g., tax requirements) or can derive from contractual obligations (e.g. information on the contractual partner). To conclude a contract, it may be required for the data subject to furnish us with personal data, which must then be processed by us. When our organization forms a contract with the data subject, for example, he or she is required to give us personal information. The failure to provide personal data would result in the contract with the data subject being unable to be concluded. Before providing personal information, the data subject must contact any employee. The employee clarifies to the data subject if the provision of personal data is required by law or contract or is required for the contract to be concluded, whether there is a duty to provide the personal data, and the consequences of failure to submit the personal data.