SpeedyPay
Inc. (eMango Wallet) is committed to adhering to the applicable privacy laws of
the Republic of the Philippines, the Data Privacy Act of 2012 and its
implementing rules and regulations to protect and secure your personal
information and any information or data that can be used to distinguished,
identify or contact you.
This
Data Privacy Policy outlines the guidelines that SpeedyPay follows in
collecting, processing, storing, transmitting, and retaining your personal
information during the use of eMango Wallet platforms as but not limited to the
eMango Wallet mobile application, eMango Card, eMango VISA Card, and web
portals. SpeedyPay Inc. is committed to providing transparency to support the
legitimacy of our purpose of handling your personal information.
We
provide contact details of our Data Privacy Officer on our website
(www.e-mango.ph) should you have any concerns about how SpeedyPay Inc. protects
and secures your information.
We
update this Data Privacy Policy on our website and mobile application as
necessary to comply with the latest government and regulatory requirements, to
adopt new technologies and information security protocols, to align with
industry practices, or for other legitimate purposes. We encourage you to check
this policy from time to time to ensure that you are updated and pleased with
any changes made.
We
will provide notice and obtain your consent if there will be any material
changes in our Data Privacy Policy and if we are required by law.
DEFINITION
OF PERSONAL INFORMATION
We
collect your Personal Information as may be applicable. Your Personal
Information that we collect may either be Basic Personal Information and/or
Special Category Information:
Basic
Personal Information is any information from which the identity of an individual
can be reasonably and directly ascertained, or when put together with other
information would directly and certainly identify an individual like name,
date, and place of birth, nationality, present and permanent address, specimen
signature, authentication information, biometrics (fingerprint, face
recognition, palm print, etc.), source of fund/income, name of employer or
self-employment business, contact details such as telephone number, mobile
number, and email address, user credentials like username and password (login
password and/or payment password), mother’s maiden name, information about the
device you use to interact with us, and identity supporting documents such as
photo and valid identification cards.
Special
Category Information is any information that falls under the category of
personal information with higher security impact as described in applicable
privacy law. This information includes but is not limited to marital status,
cardholder data(CVV/CVC, Expiry Date), tax returns, individual
government-issued numbers,
information on IDs issued by private entities duly registered with the
Department of Trade and Industries (DTI), and the Securities and Exchange
Commission (SEC), and student IDs for those who are not yet of voting age
(below 18 years old), and geolocation.
PURPOSE
OF COLLECTING PERSONAL INFORMATION
We
must collect, use, process, and analyze your personal information to comply
with the requirements of the law and legal process, such as legal and
regulatory obligations to Bangko Sentral ng Pilipinas (BSP) and Anti-Money
Laundering Act (AMLA), or to prevent imminent harm to public security safety,
or order.
Also,
we collect your Personal Information, without limiting the generality of the
purpose, to facilitate your transaction needs and avail of our products and
services.
Please
see below another purpose for collecting your personal information:
1.
To create and manage your account and
to ensure your fair and lawful use of the platform’s products and services;
2.
To facilitate your transaction based
on your preferences and needs from our products and services;
3.
To communicate relevant advisories
that might enhance your end-user experience and information on offers and
promotions for our services and from our business partners;
4.
To send relevant advertisements from
SpeedyPay, from our business partners and third-party service providers;
5.
Generate information to conduct
statistical and analytical reviews for research and marketing purposes, for
customer care and aftersales services, and other similar purposes;
6.
To provide your information to the
Credit Information Corporation following Republic Act no. 9510, otherwise known
as the Credit Information System Act;
7.
To share your information with
third-party service providers for which you sign-up;
8.
To implement measures to prevent money
laundering, fraud, and identity theft.
We
will ask for your consent before we use or process your Personal Information
when required by our Data Privacy Policy and the law for any other purpose.
SpeedyPay
collects information about the device you use to access our Products and
Services to safeguard and secure your account as part of our risk management
and fraud prevention, to customize our services, and to enhance and improve
your end-user experience.
Please
see below the following device information we collect:
a
Operating system, hardware and
software versions, available storage space, browser type, and installed
applications;
b
Device IDs and other unique
identifiers;
c
Nearby WiFi access points, hotspots,
and cell towers;
d
Mobile network operator or Internet
service provider, Time Zone, IP Address, connection speed, and information
about any devices that are nearby or on your network; and
e
Phonebook, contacts, and SMS.
The
above information is automatically collected by our servers when you access the
mobile App, such as your native actions that are integral to the App and
actions taken when processing transactions like allowing access to your
phonebook or contract directory. As such, we may also request access to your
device’s phonebook or contact directory to process your transaction. All
information shared in the mobile app is collected and stored in our servers
with strict security preventing unauthorized access by any third party not part
of our organization. If you wish to change our access or permissions, you may
do so on your device’s settings.
PRODUCTS
AND SERVICES
We
collect and process your personal information to have access to the following
products and services we are offering through our eMango Wallet platform:
• PRODUCTS
·
eMango Card (physical close loop card)
·
eMango VISA Card (physical card-
BancNet activated)
·
eMango Wallet mobile application
(virtual)
• SERVICES
·
Account Maintenance including change
in account information, contact details, and user credentials (user name, login
password, and/or payment password)
·
Cash-In/Cash-Out service (CICO)
·
Purchase in-store or online
·
Bills Payment to various merchants
either in private or public entities.
·
Send Money (eMango Wallet to eMango
Wallet transfers or eMango Wallet to other eWallet provider transfers)
·
Send Voucher/Redeem Voucher (eMango
Wallet to Non-eMango Wallet transfers)
·
Bank Fund Transfer
PROCESS
OF COLLECTING PERSONAL INFORMATION
Your
Personal Information may be obtained in many ways including:
a)
Through the eMango Wallet platform
(Mobile App);
b)
Through an accredited agent or
third-party service provider platform or channel;
c)
Through SpeedyPay’s subsidiaries,
affiliates, suppliers, or business partners enrolling you as their employees
and members for payment disbursements;
d)
Through other sources from
commercially or publicly available sources like published directories and
public documents from which you have given consent for the disclosure of such
information relating to you and where otherwise lawfully permitted;
We
collect your Personal Information when you:
1.
Submit your registration to our
services via the Mobile App, filling out a Registration Form online, in one of
our stores, or disclosing your personal information to one of our accredited
Agents or third-party service providers through phone calls, emails, SMS, or
verbal communications;
2.
Submit supporting documents to
validate your identity;
3.
File a complaint, request for service,
or product inquiry through different channels;
4.
Visit our official websites to take
part in our research and surveys and/or apply for a job with us.
KINDS
OF DATA WE PROCESS
1.
Know-Your-Customer (KYC)/
Identification Data: refers to Personal Data and
Sensitive Personal Data we collect when you sign up or register for our
products and services such as full legal name, gender, date of birth,
nationality, civil status, permanent address, present address, tax
identification number and other government-issued identification numbers,
mobile number, home number, office contact details, company name, job position
or rank, office address, source of funds, gross annual income, and such other
information necessary to conduct due diligence and comply with BSP rules and
regulations.
2.
Biometric Data:
upon your express consent and subject to limitations imposed by law, data is
processed for customer verification using: (1) facial recognition technology;
(2) a liveliness detection mechanism; and (3) fingerprint recognition
applications.
3.
Transactional Data:
linkable information to your Personal Data such as (1) bank account number,
deposits, withdrawals, such other transfers made to or from your account, and
details about them such as reference number, place, and time these were made;
(2) information when you contact us through our official channels such as
branches, contact centers, web and mobile platforms; (3) card account number as
well as purchases or transactions using your card; and (4) other forms of
customer account number, payments, and transactions you have with us.
4.
Financial Data:
information about the value of your property and assets, your financial history
and capacity, and other financial products and services you have with us.
5.
Behavioral Data:
this refers to your online behavior, customer segment, usage of our products
and services, internet protocol address of your devices used to access our
applications, interests and needs you share with us, and customer behavior we
collect as part of due diligence, to prevent fraudulent conduct, and comply
with banking rules on anti-money laundering, terrorism financing, and tax
fraud.
6.
Audio Visual Data:
for security and improvement of our services, we process audio and video
recordings of your interactions with us and surveillance videos at branches and
automated teller machines, subject to limitations imposed by law.
7.
Sensitive Personal Data:
we may require the following Sensitive Personal Data upon your express consent:
(1) your religion when you apply for insurance products with us; (2) for
customer verification, your government-issued identification numbers or cards
such as passport or driver’s license ID; or (3) any necessary information,
incidental to a contractual agreement or in connection with a requested product
or service.
8.
Children’s Data:
we may collect information about children if they have opened an account with
us with parental consent or if you provide us with a product or service you
signed up with us (i.e. when you register children as beneficiaries to an
insurance product or trust service with us). The foregoing data are
collectively referred to as “Customer Data” or “Personal Information”.
SHARE
YOUR INFORMATION WITH THIRD PARTY
We
value and respect your privacy as an end-user of our platform, eMango Wallet.
We are committed to protecting your privacy and to being transparent with the
way we handle your personal information. We may need to disclose or share some
of the personal information that you have provided to us with our accredited
Third-Party service providers, who we engage with to support our business.
SpeedyPay Inc. ensures that the Accredited Third-Party service providers are
bound by obligations to keep your Personal Information confidential and to use
it only for purposes for which we disclose it to them and this provision is
included in the Data Sharing section of their agreed contractual arrangement
with us that can demonstrate sufficient organizational, physical, and technical
security measures to protect your Personal Information. Accredited Third-Party
service providers are always subject to SpeedyPay Inc.’s Information Security
Policies and applicable privacy laws of the Republic of the Philippines, Data
Privacy Act of 2012 and its implementing rules and regulations.
We
will never disclose your personal information to third parties that are not
part of our organizations, accredited agencies including their sub-contractors
or business partners that act as our service providers and/or contractors
except in the special circumstances where you have given your consent, and as
described in this Data Privacy Policy.
We
and our Accredited Third-party service providers may share your Personal
Information with regulatory government agencies where we are bound to comply
with reportorial and information submission requirements.
We
may also disclose your Personal Information to our Third-Party Affiliates and
Partners for marketing research and other specified legitimate purposes only
after obtaining your consent on such sharing of information.
You
hereby consent that your Personal and Special Category Information may be
collected, deposited, kept, transferred, processed, or otherwise dealt with in
another jurisdiction which may be outside of the Philippine jurisdiction where eMango
Wallet, its subsidiaries and affiliates, and third-party partners may maintain
their facilities and resources, in providing the eMango Wallet Services.
When
you consent to the processing of your Customer Data with us, you also agree to
help us comply with our statutory and contractual obligations with other
financial institutions. We may also share your Customer Data externally with
our partners, upon your consent, for value-added services you may find useful
and relevant on top of your account with us. For contractual and value-added
service data-sharing agreements, we employ standardized model clauses as
recommended by the National Privacy Commission to ensure data protection of
Customer Data. Below are the disclosures required by government entities, other
regulatory authorities, and financial institutions:
1.
Bangko Sentral ng Pilipinas
(BSP), Anti-Money Laundering Council (AMLC)
a
We are subjected to mandatory
disclosures to the AMLC under Republic Act No. 9160 or the Anti-Money
Laundering Act of 2001, as amended when there is probable cause that the
deposits or investments involved are in any way related to unlawful activities
or money laundering offenses.
b
BSP mandates disclosures and reporting
in compliance with its issuances for the protection of the integrity of the EMI
sector.
2.
Bureau of Internal Revenue
(BIR)
a
We may conduct random verification
with the BIR to establish the authenticity of tax returns submitted to us.
b
BIR may inquire into e-Wallet accounts
of the following: a) a decedent to determine his gross estate; b) a taxpayer
who has applied to compromise his tax liability on the ground of financial
incapacity; and c) a taxpayer, information on whose account is requested by a
foreign tax authority.
3.
Judicial and Investigative
Authorities
a
We may be mandated to disclose certain
Customer Data upon service of legal court orders (i.e. unexplained wealth under
Section 8 of RA No. 3019) or express legal request from police, public
prosecutors, courts, or dispute resolution providers allowed by law.
b
In these cases, we would notify you of
the disclosure to the requesting government authority, subject to limitations
imposed by law.
4.
Other Regulatory Authorities
a
Regulatory authorities when such other
persons or entities we may deem as having authority or right to such disclosure
of information as in the case of regulatory agencies, government or otherwise,
which have required such disclosure from us and when the circumstance so
warrants.
5.
Financial Institutions
a
To fulfill payments and services, we
may have to share your information with correspondent banks, network payment
processors (i.e. Visa, Mastercard, American Express, JCB), stockbrokers, fund
managers, or portfolio service providers.
b
We disclose your Personal Data with
insurers, insurance brokers, or providers of deposit or protection against all
kinds of risks.
c
For purposes of consumer reporting,
account updates, and fraud prevention, we may share your data with reference.
6.
Value Added Services
a.
With your express consent, we may
disclose your Customer Data to our partners who collaborate with us to provide
services to you and provide joint communications that we hope you find of
interest.
b.
Through our digital channels, you may
instruct other mobile financial technology applications to retrieve your
account information, initiate payments, or cash in from your account with us
via our Application Programming Interface (API) facility.
STORAGE,
PROTECTION, AND RETENTION OF YOUR PERSONAL INFORMATION
We
strictly enforce our Data Privacy Policy within the organization and accredited
agencies including their sub-contractors and business partners that act as our
service providers and/or contractors. When there is a need for us to store your
Personal Information with a third-party information storage provider, we use
contractual arrangements to ensure that those providers take appropriate
measures that are aligned with our Data Privacy and Information Security
Policies.
We
ensure that we have implemented appropriate technological, physical, and
organizational privacy and security measures that are designed to secure and
protect your information from unauthorized access, use, alteration, and
disclosure and to maintain confidentiality and integrity in retaining and
processing your Personal Information.
DATA
STORAGE.
a
We store Customer Data in secure and
encrypted eWallet-managed environments, devices, and media. For third-party
managed environments such as cloud service providers, we employ BSP-sanctioned
security protocols and procure BSP approval before deployment.
b
We store physical copies of documents
containing your Customer Data in physical secure vaults.
DATA
ACCESS.
a
Customer Data can only be accessed by
authorized personnel in a role-based manner following the proportionality
principle that authorized personnel can only access the Customer Data they need
for their role and purpose in the company.
DATA
USE.
1.
Customer Engagement
a
We use your contact details with us to
communicate with you about your relationship with us. We may ask for feedback,
surveys, or polls about our products and services.
b
We may send you email or mobile
notifications, telephone calls, newsletters about product and service
enhancements, and account security reminders.
c
You have the right to opt out of this
form of communication with us or choose another means by which we can contact
you.
2.
Marketing
a
We may use your information to send
out campaigns for commercial products and services we hope you find
interesting, relevant, and useful.
b
We want to establish a more
personalized relationship with you by providing you with offers that would suit
your lifestyle and needs.
c
We perform data analysis on the
results of our marketing campaigns to measure their effectiveness and
relevance.
d
You have the right to withdraw your
consent or unsubscribe from receiving personalized offers.
3.
Due Diligence and Regulatory
Compliance
a
We may use Customer Data to evaluate
your eligibility for eWallet products and services.
b
We use your account details when you
instruct us to make a payment or fulfill an investment order.
c
We process Customer Data in compliance
with legal obligations and statutory requirements by BSP, and other regulatory
agencies.
4.
Business Insights
a
We perform data analysis and reporting
based on your Customer Data and how we operationalize to aid our management in
making better decisions.
b
We analyze your behavioral data, your
interactions with our products and services, and our communications with you to
aid us in understanding the areas for improvement and development.
c
We analyze transactional data
performed through our third-party service providers and partners to determine
how we can jointly improve our products and services for you.
5.
Data Quality
a
We shall process your Customer Data in
compliance with the data quality standards imposed by BSP. We may obtain
additional information about you from government institutions to improve the
quality of your Customer Data with us. We may contact you to ensure the
accuracy and integrity of your information in our data processing systems.
6.
Protection and Security
a
We process Customer Data for your
account protection against cybercrime, identity theft, estafa, fraud, and
financial crimes such as money laundering, terrorism financing, and tax fraud.
b
We use your Data such as name, age,
nationality, IP address, home address, and other Transactional Data to conduct
profiling for detection of suspicious activity on your account.
c
We may employ artificial intelligence
and machine learning in real-time detection of suspected fraudulent activities
on your account.
d
We may reset your password or
temporarily hold your eWallet account to protect you from detected suspected
fraudulent activities.
DATA
RETENTION.
a
Under BSP Regulations, the retention
period for your registration and transaction records shall be five (5) years
from the date of your registration and transaction except where specific laws
and/or regulations require a different retention period, in which case, the
longer retention period is observed.
b
For financial data and documents that
indicate taxable transactions, data shall be preserved for ten (10) years per
BIR Regulation.
c
We keep your data as long as it is
necessary: a) for the fulfillment of the declared, specified, and legitimate
purposes, or when the processing relevant to the purposes has been terminated;
b) for the establishment, exercise, or defense of legal claims; or c) for
legitimate business purposes, which shall be by the standards of the eWallet
industry.
DATA
DISPOSAL.
a
Your Personal Information will be
destroyed in irretrievable and unusable form in adherence with our physical
and/or technical information security measures when retention is no longer
required.
We
also implement an Information Security Policy as follows:
1.
We keep and protect your information
using a secured server behind a firewall encryption and security controls;
2.
We strict access to your information
only to qualified and authorized personnel who hold your information with
strict confidentiality;
3.
We undergo regular audits and rigorous
testing of our infrastructure’s security protocols to ensure your information
is always protected;
4.
We let you update your information
securely to keep our records accurate;
5.
We implement processes to secure and
protect the privacy of personal information being shared with service
providers, both local and overseas;
6.
We keep your information only for as
long as necessary for the fulfillment of the purpose for which the information
was obtained for the establishment, exercise, or defense of legal claims, or
legitimate business purposes, or as provided by law, rules, and regulations;
and up to 5 years after account closure to comply with the requirements of
Bangko Sentral ng Pilipinas (BSP) and to adhere with Anti-Money Laundering Act
of 2001 (RA 9160).
7.
We will destroy your Personal
Information in adherence with our physical and/or technical information
security policy when retention is no longer required concerning existing laws,
rules, and regulations; and
8.
We promptly notify you and the
National Privacy Commission, when sensitive personal information that may,
under the circumstances, be used to enable identity fraud is reasonably
believed to have been acquired by an unauthorized person.
OWNER’S
RIGHTS FOR THEIR PERSONAL INFORMATION
You,
as the owner of the Personal Information, have certain rights under the Data
Privacy Act of 2012, which include:
1.
Right to object to processing your
Personal Information;
2.
Right to access your Personal
Information;
3.
Right to modify any inaccurate
Personal information;
4.
Right to suspend, withdraw, or order
the blocking, removal, or destruction of your Personal Information in our
processing systems upon discovery and substantial proof that your Personal
Information is no longer necessary for the purpose/s for which it was
collected, and for such other cases provided in the Data Privacy Act of 2012,
however, we will have to retain your account information in our systems in
compliance with the retention period as prescribed in the “STORAGE, PROTECTION
AND RETENTION OF YOUR PERSONAL INFORMATION” section of this Data Privacy
Policy, as prescribed by another law, i.e. Anti-Money Laundering Act of 2001
(RA 9160);
5.
Right, to file a complaint with the
National Privacy Commission should you feel that your personal information has
been misused, maliciously disclosed, or improperly disposed, of or that any of
your data privacy rights have been violated;
6.
Right to claim damages in case of
inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized
use of your personal information;
We
will process all your requests for access or correction to your Personal
Information unless there are practical, contractual, and legal reasons that
would prevent us from doing so. You have the right to ask for a copy of any
Personal Information we hold about you, as well as to ask for it to be
corrected if you think it is wrong.
You
may also get in touch with our Data Privacy Officer through the contact details
provided on our website (www.e-mango.ph), should you feel that there has been
mishandling or misuse of your Personal Information, or that any of your data
privacy rights have been violated.
We
welcome your feedback and wish to assist you with your Data Privacy needs and
concerns, you can reach us at: dpo@e-mango.ph (Data Privacy Officer).