SpeedyPay Inc. (eMango Wallet) is committed to adhering to the applicable privacy laws of the Republic of the Philippines, the Data Privacy Act of 2012 and its implementing rules and regulations to protect and secure your personal information and any information or data that can be used to distinguished, identify or contact you.


This Data Privacy Policy outlines the guidelines that SpeedyPay follows in collecting, processing, storing, transmitting, and retaining your personal information during the use of eMango Wallet platforms as but not limited to the eMango Wallet mobile application, eMango Card, eMango VISA Card, and web portals. SpeedyPay Inc. is committed to providing transparency to support the legitimacy of our purpose of handling your personal information.


We provide contact details of our Data Privacy Officer on our website (www.e-mango.ph) should you have any concerns about how SpeedyPay Inc. protects and secures your information.


We update this Data Privacy Policy on our website and mobile application as necessary to comply with the latest government and regulatory requirements, to adopt new technologies and information security protocols, to align with industry practices, or for other legitimate purposes. We encourage you to check this policy from time to time to ensure that you are updated and pleased with any changes made.


We will provide notice and obtain your consent if there will be any material changes in our Data Privacy Policy and if we are required by law.


DEFINITION OF PERSONAL INFORMATION

We collect your Personal Information as may be applicable. Your Personal Information that we collect may either be Basic Personal Information and/or Special Category Information:


Basic Personal Information is any information from which the identity of an individual can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual like name, date, and place of birth, nationality, present and permanent address, specimen signature, authentication information, biometrics (fingerprint, face recognition, palm print, etc.), source of fund/income, name of employer or self-employment business, contact details such as telephone number, mobile number, and email address, user credentials like username and password (login password and/or payment password), mother’s maiden name, information about the device you use to interact with us, and identity supporting documents such as photo and valid identification cards.


Special Category Information is any information that falls under the category of personal information with higher security impact as described in applicable privacy law. This information includes but is not limited to marital status, cardholder data(CVV/CVC, Expiry Date), tax returns, individual government-issued numbers, information on IDs issued by private entities duly registered with the Department of Trade and Industries (DTI), and the Securities and Exchange Commission (SEC), and student IDs for those who are not yet of voting age (below 18 years old), and geolocation.


PURPOSE OF COLLECTING PERSONAL INFORMATION

We must collect, use, process, and analyze your personal information to comply with the requirements of the law and legal process, such as legal and regulatory obligations to Bangko Sentral ng Pilipinas (BSP) and Anti-Money Laundering Act (AMLA), or to prevent imminent harm to public security safety, or order.


Also, we collect your Personal Information, without limiting the generality of the purpose, to facilitate your transaction needs and avail of our products and services.


Please see below another purpose for collecting your personal information:

  1. To create and manage your account and to ensure your fair and lawful use of the platform’s products and services;

  2. To facilitate your transaction based on your preferences and needs from our products and services;

  3. To communicate relevant advisories that might enhance your end-user experience and information on offers and promotions for our services and from our business partners;

  4. To send relevant advertisements from SpeedyPay, from our business partners and third- party service providers;

  5. Generate information to conduct statistical and analytical reviews for research and marketing purposes, for customer care and aftersales services, and other similar purposes;

  6. To provide your information to the Credit Information Corporation following Republic Act no. 9510, otherwise known as the Credit Information System Act;

  7. To share your information with third-party service providers for which you sign-up;

  8. To implement measures to prevent money laundering, fraud, and identity theft.


We will ask for your consent before we use or process your Personal Information when required by our Data Privacy Policy and the law for any other purpose.


SpeedyPay collects information about the device you use to access our Products and Services to safeguard and secure your account as part of our risk management and fraud prevention, to customize our services, and to enhance and improve your end-user experience.

Please see below the following device information we collect:

  1. Operating system, hardware and software versions, available storage space, browser type, and installed applications;

  2. Device IDs and other unique identifiers;

  3. Nearby WiFi access points, hotspots, and cell towers;

  4. Mobile network operator or Internet service provider, Time Zone, IP Address, connection speed, and information about any devices that are nearby or on your network; and

  5. Phonebook, contacts, and SMS.


The above information is automatically collected by our servers when you access the mobile App, such as your native actions that are integral to the App and actions taken when processing transactions like allowing access to your phonebook or contract directory. As such, we may also request access to your device’s phonebook or contact directory to process your transaction. All information shared in the mobile app is collected and stored in our servers with strict security preventing unauthorized access by any third party not part of our organization. If you wish to change our access or permissions, you may do so on your device’s settings.


PRODUCTS AND SERVICES

We collect and process your personal information to have access to the following products and services we are offering through our eMango Wallet platform:


PROCESS OF COLLECTING PERSONAL INFORMATION

Your Personal Information may be obtained in many ways including:

  1. Through the eMango Wallet platform (Mobile App);

  2. Through an accredited agent or third-party service provider platform or channel;

  3. Through SpeedyPay’s subsidiaries, affiliates, suppliers, or business partners enrolling you as their employees and members for payment disbursements;

  4. Through other sources from commercially or publicly available sources like published directories and public documents from which you have given consent for the disclosure of such information relating to you and where otherwise lawfully permitted;


We collect your Personal Information when you:

  1. Submit your registration to our services via the Mobile App, filling out a Registration Form online, in one of our stores, or disclosing your personal information to one of our accredited Agents or third-party service providers through phone calls, emails, SMS, or verbal communications;

  2. Submit supporting documents to validate your identity;

  3. File a complaint, request for service, or product inquiry through different channels;

  4. Visit our official websites to take part in our research and surveys and/or apply for a job with us.


KINDS OF DATA WE PROCESS

  1. Know-Your-Customer (KYC)/ Identification Data: refers to Personal Data and Sensitive Personal Data we collect when you sign up or register for our products and services such as full legal name, gender, date of birth, nationality, civil status, permanent address, present address, tax identification number and other government-issued identification numbers, mobile number, home number, office contact details, company name, job position or rank, office address, source of funds, gross annual income, and such other information necessary to conduct due diligence and comply with BSP rules and regulations.

  2. Biometric Data: upon your express consent and subject to limitations imposed by law, data is processed for customer verification using: (1) facial recognition technology; (2) a liveliness detection mechanism; and (3) fingerprint recognition applications.

  3. Transactional Data: linkable information to your Personal Data such as (1) bank account number, deposits, withdrawals, such other transfers made to or from your account, and details about them such as reference number, place, and time these were made; (2) information when you contact us through our official channels such as branches, contact centers, web and mobile platforms; (3) card account number as well as purchases or transactions using your card; and (4) other forms of customer account number, payments, and transactions you have with us.

  4. Financial Data: information about the value of your property and assets, your financial history and capacity, and other financial products and services you have with us.

  5. Behavioral Data: this refers to your online behavior, customer segment, usage of our products and services, internet protocol address of your devices used to access our applications, interests and needs you share with us, and customer behavior we collect as part of due diligence, to prevent fraudulent conduct, and comply with banking rules on anti-money laundering, terrorism financing, and tax fraud.

  6. Audio Visual Data: for security and improvement of our services, we process audio and video recordings of your interactions with us and surveillance videos at branches and automated teller machines, subject to limitations imposed by law.

  7. Sensitive Personal Data: we may require the following Sensitive Personal Data upon your express consent: (1) your religion when you apply for insurance products with us; (2) for customer verification, your government-issued identification numbers or cards such as passport or driver’s license ID; or (3) any necessary information, incidental to a contractual agreement or in connection with a requested product or service.

  8. Children’s Data: we may collect information about children if they have opened an account with us with parental consent or if you provide us with a product or service you signed up with us (i.e. when you register children as beneficiaries to an insurance product or trust service with us). The foregoing data are collectively referred to as “Customer Data” or “Personal Information”.


USE OF CARDS AS A PAYMENT METHOD

When you use the eMango Card or VISA Card as a form of payment, we collect and process your Cardholder Data: Card number, CVV/CVC, expiration date, and other transaction information (e.g., amount, merchant details, transaction time) for:

  1. Transaction Processing. Your card information is used securely to process payments for online or in-store purchases, bill payments, and other transactions.

  2. Fraud Detection. We employ advanced fraud detection tools to monitor suspicious activities and protect your personal information.

  3. Ensure Security. We use encryption and secure protocols to safeguard your card details and comply with PCI DSSstandards to ensure secure handling of cardholder information.

  4. Sharing with Payment Networks. Your Cardholder Data may be shared with accredited third-party processors such as VISA, MasterCard, or BancNet, who comply with strict data protection regulations.

  5. Cross-border Transactions. Your card details may be processed outside of the Philippines if necessary for international transactions.

SHARE YOUR INFORMATION WITH THIRD PARTY

We value and respect your privacy as an end-user of our platform, eMango Wallet. We are committed to protecting your privacy and to being transparent with the way we handle your personal information. We may need to disclose or share some of the personal information that you have provided to us with our accredited Third-Party service providers, who we engage with to support our business. SpeedyPay Inc. ensures that the Accredited Third-Party service providers are bound by obligations to keep your Personal Information confidential and to use it only for purposes for which we disclose it to them and this provision is included in the Data Sharing section of their agreed contractual arrangement with us that can demonstrate sufficient organizational, physical, and technical security measures to protect your Personal Information. Accredited Third-Party service providers are always subject to SpeedyPay Inc.’s Information Security Policies and applicable privacy laws of the Republic of the Philippines, Data Privacy Act of 2012 and its implementing rules and regulations.


We will never disclose your personal information to third parties that are not part of our organizations, accredited agencies including their sub-contractors or business partners that act as our service providers and/or contractors except in the special circumstances where you have given your consent, and as described in this Data Privacy Policy.


We and our Accredited Third-party service providers may share your Personal Information with regulatory government agencies where we are bound to comply with reportorial and information submission requirements.


We may also disclose your Personal Information to our Third-Party Affiliates and Partners for marketing research and other specified legitimate purposes only after obtaining your consent on such sharing of information.


You hereby consent that your Personal and Special Category Information may be collected, deposited, kept, transferred, processed, or otherwise dealt with in another jurisdiction which may be outside of the Philippine jurisdiction where eMango Wallet, its subsidiaries and affiliates, and third-party partners may maintain their facilities and resources, in providing the eMango Wallet Services.


When you consent to the processing of your Customer Data with us, you also agree to help us comply with our statutory and contractual obligations with other financial institutions. We may also share your Customer Data externally with our partners, upon your consent, for value-added services you may find useful and relevant on top of your account with us. For contractual and value-added service data-sharing agreements, we employ standardized model clauses as recommended by the National Privacy Commission to ensure data protection of Customer Data. Below are the disclosures required by government entities, other regulatory authorities, and financial institutions:


  1. Bangko Sentral ng Pilipinas (BSP), Anti-Money Laundering Council (AMLC)

    1. We are subjected to mandatory disclosures to the AMLC under Republic Act No. 9160 or the Anti-Money Laundering Act of 2001, as amended when there is probable cause that the deposits or investments involved are in any way related to unlawful activities or money laundering offenses.

    2. BSP mandates disclosures and reporting in compliance with its issuances for the protection of the integrity of the EMI sector.


  2. Bureau of Internal Revenue (BIR)

    1. We may conduct random verification with the BIR to establish the authenticity of tax returns submitted to us.

    2. BIR may inquire into e-Wallet accounts of the following: a) a decedent to determine his gross estate; b) a taxpayer who has applied to compromise his tax liability on the ground of financial incapacity; and c) a taxpayer, information on whose account is requested by a foreign tax authority.

  3. Judicial and Investigative Authorities

    1. We may be mandated to disclose certain Customer Data upon service of legal court orders (i.e. unexplained wealth under Section 8 of RA No. 3019) or express legal request from police, public prosecutors, courts, or dispute resolution providers allowed by law.

    2. In these cases, we would notify you of the disclosure to the requesting government authority, subject to limitations imposed by law.

  4. Other Regulatory Authorities

    a Regulatory authorities when such other persons or entities we may deem as having authority or right to such disclosure of information as in the case of regulatory agencies, government or otherwise, which have required such disclosure from us and when the circumstance so warrants.

  5. Financial Institutions

    1. To fulfill payments and services, we may have to share your information with correspondent banks, network payment processors (i.e. Visa, Mastercard, American Express, JCB), stockbrokers, fund managers, or portfolio service providers.

    2. We disclose your Personal Data with insurers, insurance brokers, or providers of deposit or protection against all kinds of risks.

    3. For purposes of consumer reporting, account updates, and fraud prevention, we may share your data with reference.

  6. Value Added Services

  1. With your express consent, we may disclose your Customer Data to our partners who collaborate with us to provide services to you and provide joint communications that we hope you find of interest.

  2. Through our digital channels, you may instruct other mobile financial technology applications to retrieve your account information, initiate payments, or cash in from your account with us via our Application Programming Interface (API) facility.


STORAGE, PROTECTION, AND RETENTION OF YOUR PERSONAL INFORMATION

We strictly enforce our Data Privacy Policy within the organization and accredited agencies including their sub-contractors and business partners that act as our service providers and/or contractors. When there is a need for us to store your Personal Information with a third-party information storage provider, we use contractual arrangements to ensure that those providers take appropriate measures that are aligned with our Data Privacy and Information Security Policies.


We ensure that we have implemented appropriate technological, physical, and organizational privacy and security measures that are designed to secure and protect your information from unauthorized access, use, alteration, and disclosure and to maintain confidentiality and integrity in retaining and processing your Personal Information.


DATA STORAGE.

  1. We store Customer Data in secure and encrypted eWallet-managed environments, devices, and media. For third-party managed environments such as cloud service providers, we employ BSP-sanctioned security protocols and procure BSP approval before deployment.

  2. We store physical copies of documents containing your Customer Data in physical secure vaults.


DATA ACCESS.

a Customer Data can only be accessed by authorized personnel in a role-based manner following the proportionality principle that authorized personnel can only access the Customer Data they need for their role and purpose in the company.


DATA USE.

  1. Customer Engagement

    1. We use your contact details with us to communicate with you about your relationship with us. We may ask for feedback, surveys, or polls about our products and services.

    2. We may send you email or mobile notifications, telephone calls, newsletters about product and service enhancements, and account security reminders.

    3. You have the right to opt out of this form of communication with us or choose another means by which we can contact you.


  2. Marketing

    1. We may use your information to send out campaigns for commercial products and services we hope you find interesting, relevant, and useful.

    2. We want to establish a more personalized relationship with you by providing you with offers that would suit your lifestyle and needs.

    3. We perform data analysis on the results of our marketing campaigns to measure their effectiveness and relevance.

    4. You have the right to withdraw your consent or unsubscribe from receiving personalized offers.


  3. Due Diligence and Regulatory Compliance

    a We may use Customer Data to evaluate your eligibility for eWallet products and services. b We use your account details when you instruct us to make a payment or fulfill an

    investment order.

    c We process Customer Data in compliance with legal obligations and statutory requirements by BSP, and other regulatory agencies.


  4. Business Insights

    1. We perform data analysis and reporting based on your Customer Data and how we operationalize to aid our management in making better decisions.

    2. We analyze your behavioral data, your interactions with our products and services, and our communications with you to aid us in understanding the areas for improvement and development.

    3. We analyze transactional data performed through our third-party service providers and partners to determine how we can jointly improve our products and services for you.


  5. Data Quality

    a We shall process your Customer Data in compliance with the data quality standards imposed by BSP. We may obtain additional information about you from government institutions to improve the quality of your Customer Data with us. We may contact you to ensure the accuracy and integrity of your information in our data processing systems.


  6. Protection and Security

  1. We process Customer Data for your account protection against cybercrime, identity theft, estafa, fraud, and financial crimes such as money laundering, terrorism financing, and tax fraud.

  2. We use your Data such as name, age, nationality, IP address, home address, and other Transactional Data to conduct profiling for detection of suspicious activity on your account.

  3. We may employ artificial intelligence and machine learning in real-time detection of suspected fraudulent activities on your account.

  4. We may reset your password or temporarily hold your eWallet account to protect you from detected suspected fraudulent activities.


DATA RETENTION.

  1. Under BSP Regulations, the retention period for your registration and transaction records shall be five (5) years from the date of your registration and transaction except where specific laws and/or regulations require a different retention period, in which case, the longer retention period is observed.

  2. For financial data and documents that indicate taxable transactions, data shall be preserved for ten (10) years per BIR Regulation.

  3. We keep your data as long as it is necessary: a) for the fulfillment of the declared, specified, and legitimate purposes, or when the processing relevant to the purposes has been terminated; b) for the establishment, exercise, or defense of legal claims; or c) for legitimate business purposes, which shall be by the standards of the eWallet industry.


DATA DISPOSAL.

a Your Personal Information will be destroyed in irretrievable and unusable form in adherence with our physical and/or technical information security measures when retention is no longer required.


We also implement an Information Security Policy as follows:

  1. We keep and protect your information using a secured server behind a firewall encryption and security controls;

  2. We strict access to your information only to qualified and authorized personnel who hold your information with strict confidentiality;

  3. We undergo regular audits and rigorous testing of our infrastructure’s security protocols to ensure your information is always protected;

  4. We let you update your information securely to keep our records accurate;

  5. We implement processes to secure and protect the privacy of personal information being shared with service providers, both local and overseas;

  6. We keep your information only for as long as necessary for the fulfillment of the purpose for which the information was obtained for the establishment, exercise, or defense of legal

    claims, or legitimate business purposes, or as provided by law, rules, and regulations; and up to 5 years after account closure to comply with the requirements of Bangko Sentral ng Pilipinas (BSP) and to adhere with Anti-Money Laundering Act of 2001 (RA 9160).

  7. We will destroy your Personal Information in adherence with our physical and/or technical information security policy when retention is no longer required concerning existing laws, rules, and regulations; and

  8. We promptly notify you and the National Privacy Commission, when sensitive personal information that may, under the circumstances, be used to enable identity fraud is reasonably believed to have been acquired by an unauthorized person.


OWNER’S RIGHTS FOR THEIR PERSONAL INFORMATION

You, as the owner of the Personal Information, have certain rights under the Data Privacy Act of 2012, which include:

  1. Right to object to processing your Personal Information;

  2. Right to access your Personal Information;

  3. Right to modify any inaccurate Personal information;

  4. Right to suspend, withdraw, or order the blocking, removal, or destruction of your Personal Information in our processing systems upon discovery and substantial proof that your Personal Information is no longer necessary for the purpose/s for which it was collected, and for such other cases provided in the Data Privacy Act of 2012, however, we will have to retain your account information in our systems in compliance with the retention period as prescribed in the “STORAGE, PROTECTION AND RETENTION OF YOUR PERSONAL INFORMATION” section of this Data Privacy Policy, as prescribed by another law, i.e. Anti- Money Laundering Act of 2001 (RA 9160);

  5. Right, to file a complaint with the National Privacy Commission should you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, of or that any of your data privacy rights have been violated;

  6. Right to claim damages in case of inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal information;


We will process all your requests for access or correction to your Personal Information unless there are practical, contractual, and legal reasons that would prevent us from doing so. You have the right to ask for a copy of any Personal Information we hold about you, as well as to ask for it to be corrected if you think it is wrong.


You may also get in touch with our Data Privacy Officer through the contact details provided on our website (www.e-mango.ph), should you feel that there has been mishandling or misuse of your Personal Information, or that any of your data privacy rights have been violated.


We welcome your feedback and wish to assist you with your Data Privacy needs and concerns, you can reach us at: dpo@e-mango.ph (Data Privacy Officer).


This policy will be updated as necessary to reflect changes in legal requirements or business practices. We will notify you of significant changes.


For more information, please contact our Data Privacy Officer at:

Email: dpo@e-mango.ph

Website: www.e-mango.ph