Update Date: September 17, 2024
Effective Date: September 18, 2024
Introduction:
We highly value the protection of your personal information. By confirming your acceptance of this agreement, the disclosure statement, any platform terms of use (if applicable), and all other documents, instruments, and/or agreements provided by CFJ Financial Technology Corporation, a company incorporated and existing under the laws of the Republic of the Philippines (hereinafter referred to as "this policy" or "this privacy policy"), you agree to the terms and conditions outlined herein.
Through this policy, we aim to help you understand the following:
We recognize the importance of your personal information and are committed to doing our utmost to safeguard it. The personal information we collect, use, share, transfer, and manage, as mentioned in this privacy policy, includes personal sensitive information marked in bold and underlined, as well as other personal information. We are dedicated to maintaining your trust and adhering to the following principles: the principle of responsibility, the principle of clear purpose, the principle of informed consent, the principle of data minimization, the principle of security assurance, the principle of user participation, the principle of openness and transparency, and more. Additionally, we commit to applying the security protection measures in accordance with industry standards to safeguard your personal information.
Please carefully read and ensure that you fully understand the contents of this policy before using our products or services. By clicking "Confirm," you are deemed to have accepted the terms of this policy.
This policy's products and services are only available to individuals aged 18 years and above. By entering into this Agreement, you attest that you are 18 years old and above.
(1) User Registration and Login Functions When you choose to register for PesoPath, you need to provide your mobile phone number. We will send a verification SMS to the number you provided and collect the verification code you submit to verify your identity. Additionally, you may choose to provide supplementary account information. The mobile number and verification code are mandatory. If you do not provide them, you will not be able to complete the registration. When logging into PesoPath, you will need to provide your mobile number, verification code, or password to log in and verify your identity.
(2) Product Browsing, Searching, Matching, Recommendation, and Marketing Service Functions
(3) Loan Consultation and Recommendation Services When availing loan consultation services, information, such as but not limited to, name, age, property ownership, income, and business ownership, shall be required to disclose. By entering into this Agreement, you consent to processing these information to evaluate properly your credit score, credit report, and other promotional offers.
(4) Loan Product Recommendation Services
Loan Eligibility and Creditworthiness Assessment When applying for loan products via our platform, to protect your account and legal rights and prevent unauthorized loans, we verify your identity to fulfill anti-money laundering and real-name authentication requirements. You will need to provide your name, phone number, and ID information for this purpose. If you refuse to provide this information, we will not be able to assist loan institutions in assessing your loan eligibility and creditworthiness, and you will not receive a credit limit. To expedite loan approval processes, based on loan providers' requirements, you may also need to provide additional information, such as your address, marital status, credit details, employment status, income, housing status, emergency contacts, loan application details, and bank account information. If you refuse to provide this information, we may be unable to offer higher credit limits, though it will not affect lower credit approvals.
(5) Loan Disbursement and Repayment (5.1) Loan Disbursement
After successfully applying for a loan through PesoPath, we will collect your bank card information, mobile phone number, and verification code to bind your bank account for loan disbursement and repayment services, and synchronise your loan information with its Apps.
(5.2) Repayment By entering into this Agreement, you consent to collecting information such as loan approvals and loan performance data from other lenders. This will enable us to fully verify your identity, and assess and manage repayment and credit scoring.
(6) Customer Service To offer high-quality service and user experience, we collect browsing history, operational records, information provided during customer service interactions, and survey responses. We also record customer service calls for quality assurance purposes, notifying you in advance. Non-compliance and non-acceptance herewith shall bar you from availing any of our services.
(7) Third-Party Services By entering intp agreement and agreeing with the third-party’s privacy policy, you consent into giving them all information required and shall not hold us liable for third party’s use of your information.
(8) Notifications and Marketing Communications To ensure your account security and provide better service, we may contact you via the phone number you provided when service interruptions occur or marketing is required. We may send SMS, make AI voice calls, or have customer service representatives contact you directly.
(9) Indirect Collection of Your Information from Other Sources
(9.1) To provide the products or services you request, we may obtain your identification and risk assessment information, credit ratings, or comprehensive credit scores from credit agencies or third-party data providers.
(9.2) To analyze your product preferences, we may share your phone number with advertising and analytics providers, who may analyze your location, communication data, and preferences to create a user profile. Based on these profiles, we may recommend products.
(10) Our App Permissions
(10.1) Phone State (Android): Required to collect device information (IMEI, IMSI, IP address) for security risk control and service recommendations.
(10.2) Contacts (Android/iOS): Required for selecting emergency contacts from your address book during loan application.
(10.3) Location (Android/iOS): Required for location-based service recommendations.
(10.4) Camera (Android/iOS): Required for identity verification and face recognition.
(10.5) Read/Write External Storage (Android): Required for uploading videos or images during identity verification.
(10.6) Call Permission (Android): Required for pre-filling customer service numbers during calls to customer service.
(10.7) Microphone (Android/iOS): Required for voice collection during face recognition or video authentication.
(10.8) Photo Gallery (iOS): Required for saving and uploading identity documents.
(10.9) Notifications (Android/iOS): Required to receive platform notifications, such as order status or promotions.
(1) To comply with national laws, regulations, and regulatory requirements, as well as to provide and improve our services or ensure the security of your account, we will use your information under the following circumstances:
(1.1) To achieve the purposes outlined in the section "How We Collect Your Personal Information" of this policy.
(1.2) To keep you informed about the status of your services, we will send you notifications and reminders.
(1.3) To report to relevant authorities in accordance with laws, regulations, or regulatory requirements.
(1.4) To invite you to participate in customer surveys related to our services.
(1.5) To ensure service stability and security, we will use your information for identity verification, security precautions, fraud detection, prevention of illegal activities, risk mitigation, archiving, and backup purposes.
(1.6) When you apply for products recommended by PesoPath, we may use rules-based or machine-learning technologies to generate your risk profile. This risk profile information is derived from the data we collected as described in Section I of this policy and is processed or anonymized. We will use this information for purposes such as fraud prevention, credit evaluation, and delinquency risk control to provide you with related products or services.
(2) To better serve you, we may combine certain legally collected personal information from various services, anonymize it, and analyze it to create user profiles. These profiles are used to recommend products or services that may interest you. We may send you personalized service notifications or commercial electronic messages via phone calls, text messages, in-app messages, or notifications.
If you refuse this service, you can unsubscribe from this feature, and we will stop providing it, but this will not affect your use of other services we offer.
(3) When displaying your personal information, we will anonymize it by masking or obfuscating certain details to protect your information.
(4) If we intend to use your personal information for any purposes not specified in this policy, we will seek your explicit consent through a confirmation agreement, documentation, or similar means, in accordance with the law. If you do not agree to provide further authorization, you may be unable to use certain services, but this will not affect your access to other services.
(1) To personalize your online experience and provide easier access, we may send one or more small data files called "Cookies" to your computer or mobile device. Each Cookie is unique to you and can only be read by the web server in the domain that sent it to you. Cookies typically contain identifiers, site names, and some numbers and characters. We send you Cookies to save you from re-entering registration or login information and to help determine the security status of your account.
(2) We will not use Cookies for any purpose other than those described in this privacy policy. You can manage or delete Cookies based on your preferences. You can clear all Cookies stored on your computer or mobile device, and you can modify your browser settings to refuse Cookies. However, if you do so, you may need to manually adjust your user settings each time you visit PesoPath, and the information you previously recorded may be deleted, which could affect the security of the services you use.
(1) Sharing
We will not share your personal information with any companies, organizations, or individuals outside of us unless we have obtained your explicit consent. Currently, we may share your personal information in the following circumstances:
(1.1)Sharing in Legal Circumstances: We may share your personal information in accordance with laws and regulations, for the purposes of litigation or dispute resolution, or in response to requests from administrative or judicial authorities and other regulatory agencies.
(1.2) By entering into this Agreement, you consent to sharing necessary information with our affiliated companies to provide you with consistent services based on a unified system, facilitate unified management, and ensure system and account security.
(1.3) By entering into this Agreement, you consent to giving out information with our acknowledged third-party service providers, provided that such information may only be processed after your authorization.
(1.4) Sharing with Suppliers, Service Providers, Consultants, or Agents: To achieve the purposes stated in this policy, we may share your personal information (including phone numbers or messages you have reported) with our suppliers, service providers, consultants, or agents (such as SEC..etc.) to offer better customer service and user experience. These entities may provide technical infrastructure services, analyze how our services are used, measure the effectiveness of ads and services, provide customer service and payment services, conduct academic research and surveys, or offer legal, financial, and technical advisory services. We will only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes and will only share the information necessary for providing services. Our partners are not allowed to use the shared personal information for any purposes unrelated to the products or services they provide.
(1.5) Sharing with Business Partners Based on Your Choices Currently, our business partners include the following types: (a) Loan Institutions: When using PesoPath's loan product recommendation service and applying for loan products provided by loan institutions through PesoPath, you agree that we may charge partner institutions a service fee for recommending loan products to you. At the same time, you agree that, based on your choice, we may share the information you provide, including your mobile number, device information, and qualification details (such as name, age, current residential address, marital status, spouse information, commonly used email address, education level, income range, salary payment method, company name, job type, housing status, emergency contact information, loan purpose, bank card information), with the loan institution to assess your creditworthiness. The loan institution will use this information to determine whether you meet regulatory requirements and whether to issue the loan to you, fulfilling your borrowing purpose. Additionally, when you apply for a loan product from a loan institution through PesoPath and use the repayment service provided by PesoPath, we will need to share the bank card information and mobile number you provide with the loan institution. This is necessary to link your bank card for loan disbursement and to provide you with repayment services. (b) Loan Service Consultation Agencies and/or Their Advisors: When using PesoPath's loan consultation recommendation service and applying for loan consultation services through PesoPath, you agree that we may charge the loan service consultation agency and/or their advisors a service fee for providing consultation recommendations. You also agree that, based on your choice, we may share the information you provide, including your mobile number and qualification details (such as name, age, housing status, monthly income range, business owner status, credit condition), with loan service consultation agencies and/or their advisors. This allows them to recommend suitable loan products based on your qualifications and assist you in completing the loan application, achieving your borrowing purpose. (c) Credit Institutions and Data Service Providers: When you apply for products or services through PesoPath, we may share your name, mobile number, and ID information with credit institutions or third-party data service providers. This allows us to obtain identity verification information, risk identification information, qualification assessments, and credit ratings to evaluate your credit status and provide you with the financial products or services of your choice. (d) Advertising and Analytics Service Providers: To provide you with better services and recommend activities, you acknowledge that we may share your mobile number……. etc. (e) Other Third-Party Service Providers: Other third-party services include earning cash by playing games, discounted top-up services, and credit report inquiries. When you navigate to other third-party service platforms through our platform, you agree that, with your authorization, we may share your name and mobile number with the third-party service provider to help you register an account on their platform, avoiding the need to repeatedly fill out relevant information. The scope and method of collection of your personal information by other third-party service platforms will be governed by the privacy policy or similar documents displayed on those platforms. For third parties with whom we share your personal information, we will conduct data security assessments and sign strict confidentiality agreements. These third parties are required to process personal information according to our instructions, this Privacy Policy, and any other relevant confidentiality and security measures. For the use of sensitive personal data, we will require third parties to adopt data masking and encryption techniques to better protect user data.
(2) Transfer
We will not transfer your personal information to any company, organization, or individual, except in the following situations:
(2.1) Transfer with explicit consent: With your explicit consent, after informing and obtaining your approval, we may transfer your personal information to a third party of your choice.
(2.2) In the case of mergers, acquisitions, bankruptcy, liquidation, or similar transactions: If such transactions involve the transfer of your personal information, we will inform you of the situation. At the same time, we will require the new company or organization holding your personal information to continue being bound by this Privacy Policy. Otherwise, we will require that company or organization to seek your authorization and consent again.
(2.3) As required by laws, regulations, legal procedures, litigation, or mandatory government requirements.
(3) Entrusted Processing
Certain modules or functions of our services may be provided by external vendors. For example, we may hire service providers to assist us in providing customer support.
For companies, organizations, and individuals that we entrust with processing personal information, we will sign strict confidentiality agreements with them, requiring them to process personal information in accordance with our instructions, this Privacy Policy, and any other relevant confidentiality and security measures.
(4) Public Disclosure
We will only publicly disclose your personal information in the following situations:
(4.1) With your explicit consent: We will disclose the specific personal information you designate in the manner you have expressly agreed to.
(4.2) Disclosure required by law: We may publicly disclose your personal information in accordance with laws, legal procedures, litigation, or mandatory requirements by government authorities.
(5) Exceptions to Obtaining Prior Consent for Sharing, Transferring, or Publicly Disclosing Personal Information
In the following cases, sharing, transferring, or publicly disclosing your personal information does not require your prior authorization and consent:
(5.1) When it is related to the performance of legal obligations by personal information controllers as stipulated by laws and regulations;
(5.2) When it is directly related to national security or defense security;
(5.3) When it is directly related to public safety, public health, or significant public interests;
(5.4) When it is directly related to criminal investigations, prosecutions, trials, or enforcement of court rulings;
(5.5) When it is necessary for protecting your or another individual’s life, property, or other major legal rights and obtaining your consent is difficult;
(5.6)When you have voluntarily disclosed your personal information to the public.
(1) Data Security Technology and Management Measures
To ensure the security of your information, we implement industry-standard security measures, including employing security technologies and establishing reasonable system regulations to prevent unauthorized access, use, modification, damage, or loss of your personal information.
Our network services use encryption technologies such as Transport Layer Security (TLS) to provide browsing services via HTTPS, ensuring the security of user data during transmission. All personal information we collect is stored after being encrypted and de-identified. We utilize trusted protection mechanisms to prevent malicious attacks on data. Additionally, we implement strict data access controls, approval processes, monitoring controls, and multi-factor authentication technologies to ensure that only authorized personnel with necessary clearance can access your personal information, preventing unauthorized use of data.
(2) Additional Security Measures Taken by PesoPath to Protect Personal Information
We manage and regulate the storage and use of personal information through data security management regulations, a data classification and grading system, and secure development protocols. We ensure comprehensive data security control by signing confidentiality agreements with individuals who handle sensitive data and conducting background checks. We also establish monitoring and auditing mechanisms. If third parties fail to fulfill their confidentiality obligations, we may hold them legally responsible and terminate our cooperation with them. Moreover, we provide security and privacy protection training to enhance our employees' awareness of the importance of protecting personal information.
(3) We will take all reasonable and feasible measures to ensure that we do not collect personal information unrelated to the functionalities of the services you use. We will only retain your personal information for the period required to achieve the purposes outlined in this policy, unless a longer retention period is needed or permitted by law. After the retention period expires, we will delete or anonymize your personal information.
(4) While the internet is not 100% secure, we recommend that you use secure methods, strong passwords, and take steps to protect your account and personal information. We will do our best to ensure the security of any information you send to us. If our physical, technical, or managerial security measures are compromised, resulting in unauthorized access, disclosure, alteration, or destruction of your information, and your legal rights are harmed, we will work with you to protect your rights and assume our legal responsibilities. If you discover that your personal information, especially your account or password, has been compromised, please contact us immediately using the contact details provided in this Privacy Policy so that we can take appropriate action.
(5) Security Incident Handling
To address potential risks such as personal information leaks, damage, and loss, we have developed several protocols that outline the procedures for handling security incidents.
(5.1) We have established a dedicated data security team responsible for handling security incidents. The team follows protocols for different types of security incidents, implementing loss prevention, analysis, identification, remedial measures, and collaborating with relevant departments for tracing and enforcement.
(5.2) In the unfortunate event of a personal information security incident, we will activate our highest-priority emergency plan, form an emergency response team, and promptly address security risks such as system vulnerabilities, computer viruses, cyber-attacks, and intrusions. We will work to trace the cause as quickly as possible and minimize any losses.
(5.3) In the event of a personal information security incident, we will notify you as required by law, providing details about the incident, potential impact, measures we have taken or will take, suggestions for personal risk prevention, and any remedial measures available to you. We will inform you promptly through your registered contact methods (email, letters, phone, push notifications, SMS). If it is difficult to notify you individually, we will take reasonable and effective measures to publish an announcement.
We will also report the handling of personal information security incidents to regulatory authorities as required.
(6) If you have any questions about our protection of personal information, you may contact us using the contact details provided in this policy. If you find that your personal information, especially your account or password, has been compromised, please contact us immediately so that we can take timely measures.
We value your control over your personal information. In accordance with relevant national laws, regulations, and standards, we guarantee your rights to manage your personal information as follows:
(1) Right to Access, Copy, Correct, and Supplement
You have the right to access, copy, correct, and supplement your personal information at any time, except as otherwise provided by laws and regulations. If you wish to exercise these rights, you can do so in the following ways:
(1.1)Your personal information: You can access your previously submitted basic information, supplementary information, and uploaded ID information by visiting PesoPath Personal Center - Profile.
(1.2) Your order information: You can view the names, amounts, terms, and progress of the loan products you applied for by visiting PesoPath Home - View Progress.
(1.3) Privacy Policy: You can view the platform’s privacy policy by visiting PesoPath Personal Center - Settings - User Agreement.
(1.4) In addition to the methods above, you can also access, copy, correct, or supplement your personal information by contacting PesoPath’s official hotline at 09468684836.
We will complete the review and processing within 20 business days.
(2) Right to Deletion
You may request the deletion of your personal information or delete it by canceling your account in the following circumstances:
(2.1) If our processing of your personal information violates laws or regulations;
(2.2) If we collect or use your personal information without your consent;
(2.3) If our processing of personal information violates our agreement with you;
(2.4) If you no longer use our products or services;
(2.5) If we no longer provide products or services to you.
If you encounter any issues while requesting to delete your personal information or canceling your account, you can consult PesoPath’s official hotline at 09468684836.
If we agree to your deletion request, we will also notify third parties who have obtained your personal information to delete it unless otherwise required by law or if the third parties have obtained your independent authorization. When you delete information from our service, it may not be immediately removed from our backup systems, but we will ensure its deletion during the next backup update.
We will complete the review and processing within 20 business days.
(3) Managing Your Authorization Scope
(3.1) Certain features require you to enable specific permissions and collect necessary personal information. You can change or revoke your authorization by contacting PesoPath’s official hotline at 09468684836, or by managing your device’s permissions as follows:
(a) For iOS devices: Go to Settings - Privacy to manage permissions.
(b) For Android devices: Go to Settings - Apps - Permission Management to manage permissions.
Once you revoke consent, we will no longer process the corresponding personal information. However, your decision to revoke consent will not affect the personal information processing activities that were conducted based on your prior authorization.
(3.2) If you no longer wish to receive personalized service information from us, you can unsubscribe through the following methods:
(a) On our mobile app, go to Home - Account - Settings (top right icon) - Push Notifications to disable personalized services (in-app messages and notifications).
(b) Call PesoPath’s official hotline at 09468684836 to request the cancellation of personalized services (in-app messages, notifications, SMS, phone calls).
We will complete the review and processing within 20 business days.
(4) Account Cancellation
You may cancel your account at any time through the following methods:
Directly apply for account cancellation within our app (cancellation process: log in to PesoPath App - Personal Center - Settings - Cancel Account). or Contact PesoPath’s official hotline at 09468684836 for assistance in canceling your account. If you need our help with canceling your account, you must provide your name (if applicable) and phone number as registered on the account for verification. After account cancellation, we will stop providing products or services to you and delete your personal information as requested, except where otherwise required by law.
We will complete the review and processing within 20 business days.
(5) Right to Restrict Automated Decision-Making
In some business functions, we may make decisions solely based on automated systems, such as algorithms, without human involvement. If these decisions significantly affect your legitimate rights and interests, you have the right to request an explanation, and we will provide appropriate remedies as long as it does not infringe on PesoPath’s trade secrets, the rights of other users, or the public interest.
(6) Responding to Your Requests
To ensure security, you may need to submit a written request or prove your identity through other means. We may require identity verification before processing your request, but we will respond no later than 20 business days after receiving your request.
In the following situations, we may not be able to respond to your request as required by laws and regulations:
(6.1) When related to compliance with legal obligations;
(6.2) When directly related to national security or defense;
(6.3) When directly related to public safety, public health, or significant public interest;
(6.4) When directly related to criminal investigations, prosecutions, trials, or enforcement of court decisions;
(6.5)When there is sufficient evidence to show that you are acting in bad faith or abusing your rights;
(6.6) When it is difficult to obtain your consent but necessary to protect your or others' lives, property, or other major legal interests;
(6.7) When responding to your request would seriously harm the legitimate rights and interests of you or other individuals or organizations;
(6.8) When the request involves trade secrets.
If we decide not to respond to your request, we will provide reasons for our decision and offer channels for you to lodge a complaint.
(1) We place great importance on protecting the personal information of minors. Our services are intended for adults aged 18 and above (and not for students). By entering into this Agreement, you attest that you belong with the age requirement and has no incapacity to enter into this contract with us.
(2) For situations where minors' personal information is collected with the consent of parents or legal guardians, we will only use or disclose such information as permitted by law, with the explicit consent of the parents or legal guardians, or as necessary to protect minors.
(3) If you are a guardian of a minor and have any concerns about the personal information of the minor you are responsible for, please contact us in a timely manner.
(4) If we discover that we have collected personal information of minors without verifiable parental or legal guardian consent, we will strive to delete the relevant data as soon as possible.
(1) We collect your personal information within the territory of the Republic of the Philippines and store it within the country. Currently, we do not transmit your personal information outside the Philippines.
(2) We only retain your personal information for the shortest time necessary to achieve the purposes of the service, unless otherwise required by law or authorized by you.
Once the above retention period has been exceeded, we will delete or anonymize your information.
(3) If we terminate our services or operations, we will notify you at least fifteen business days in advance. Upon termination, we will delete or anonymize your personal information.
Please note that this policy only applies to the products or services provided directly by PesoPath.
When third-party service providers offer services through PesoPath, please be aware that the relevant services are provided by the third party. For information collected by third parties, we recommend that you carefully review their privacy policies or agreements. When you access third-party service pages (including third-party-developed applications or websites), these third parties may place their own cookies or similar technologies. These are not controlled by us and are not governed by this policy. We will make efforts to require these third parties to take protective measures for your personal information. If you discover any risks associated with these third-party applications or websites, we recommend that you immediately discontinue the relevant operations.
Please be aware that some services on the PesoPath app are provided in partnership with our partners.
(1) All services provided by PesoPath are subject to this policy. However, some specific services will be governed by additional privacy protection policies (such as authorizations or power of attorney). We will explain and obtain your consent before providing such specific services. If there is a conflict between the specific privacy policy and this policy, the specific privacy policy shall prevail. Where the specific privacy policy is silent, this privacy policy shall apply.
(2) Our personal information protection policy may change. We will not reduce your rights under this privacy policy without your explicit consent. We will post any changes to this policy on this page.
For significant changes, we will provide more prominent notifications. If major changes occur, we will announce them on the PesoPath official platform or notify you via push notifications, text messages, or phone calls, and obtain your explicit consent for the updated privacy policy. We recommend that you promptly notify us if your phone number changes so that you can receive notifications in time. If you click "Confirm" or proceed after receiving notification of the policy update, it means you have fully read, understood, and accepted the revised policy.
The major changes referred to in this policy include but are not limited to:
(2.1) Significant changes in our service model, such as changes in the purposes of processing personal information, the types of personal information processed, or how personal information is used;
(2.2) Significant changes in our ownership structure or organizational structure, such as changes in ownership due to business adjustments, bankruptcy, mergers, etc.;
(2.3) Changes in the primary recipients of shared, transferred, or publicly disclosed personal information;
(2.4) Major changes in your rights to participate in the processing of personal information and how you can exercise them;
(2.5) Changes in the departments responsible for personal information security, contact methods, or complaint channels;
(2.6) If a personal information security impact assessment report indicates a high level of risk.
(1) Personal Information Protection Officer
We have appointed a personal information protection officer. The contact email for this officer is pesopath@gmail.com. If you have any questions about how we collect, use, share, or protect your personal information, or if you need to file a complaint or appeal, you can contact us via the personal information protection officer's email.
(2) To ensure the security of your request, we will need to verify your identity before addressing your issue. In general, we will complete the verification and processing of your request within twenty business days.
(3) If you are not satisfied with our response, especially if you believe our handling of your personal information infringes on your legal rights, you may report the issue to the relevant government authorities or industry associations.