This Policy sets out the commitment of First Digital Finance Corporation doing business under the names and styles of FDFC, BalikBayad, Loan Ranger and Billease (“FDFC”) regarding the collection, processing, and storage of personal information and sensitive personal information (collectively “Personal Data”) in accordance with the Data Privacy Act of 2012 (“DPA”), its implementing rules and regulations (“DPA IRR”), and other issuances by the National Privacy Commission (“NPC”).

Much of the information we hold about you will be stored electronically in secure data centers. Others will be stored in paper files. We recognize how important it is to protect and manage the information you share with us. We use a range of physical and electronic security measures to protect the personal information we hold. In addition, we use computer safeguards such as firewalls, data encryption, and physical access controls to our office and files. We only authorize access to employees who require it to fulfill their job responsibilities.

Our security systems meet or exceed industry standards and we are constantly monitoring the latest developments to ensure our systems evolve as required.

We may keep details of any phone number(s) that you call us from and use them to contact you.

References to personal information include all of the information above whether obtained from you, from a credit bureau, from the internet or from any other source.

Information we share:

We will keep your personal information confidential and only share it with others for the purposes explained in this policy. We have trusted relationships with carefully selected third parties who perform services on our behalf. All service providers are bound by contract to maintain the security of your personal information and to use it only as permitted by us.

We may share information about you:

• With any firm, organization, or person we use to help us operate our lending business for the purpose of conducting KYC, determination of credit worthiness, fraud prevention, and to collect payments and recover debts or to provide a service on our behalf;
• With any firm, organization, or person who provides us with products or services or who we provide products and services to for the purpose of providing such products and performing such services;
• With any person who has told us and who we reasonably believe to be your parent, carer or helper, when proof is presented that you are unable to handle your own affairs because of mental incapacity or other similar issues for the purpose of proper handling of said affairs;
• With any payment system we may use for the purpose of disbursement of loan proceeds and payment of loans;
• With any Third Party Entities (“Partners”) engaged by the Lender such as the Borrower’s employer (for auto-debit or other auto-deduction mechanisms) whether private or public, telecommunication companies (such as Globe Telecom, Inc., Smart Communications, Inc., PLDT, Inc., Sun Cellular/Digitel Mobile Philippines, Inc.), utility companies (such as Meralco/Manila Electric Company, Maynilad Water Services, Inc., Manila Water Company, Inc.), government agencies (such as SSS, GSIS, NSO, BIR), credit bureaus (such as the CIC, NFIS), remittance companies (such as Palawan Express, Cebuana Lhuillier), insurance providers (such Sun Life Grepa Financial, Inc., Insular Life), financial service providers (such as CC Mobile Financial Services Philippines, GCash/G-Xchange, Inc., PayMaya Philippines, Inc.) for the purpose of (i) determination of creditworthiness, conducting all the necessary background checks that may include credit scoring and investigation, and data analytics; (ii) data analytics, statistical analysis and demographics, business development purposes (such as improvement of the websites, mobile applications, and the Lender’s credit scoring algorithm/s, the creation of effective service delivery and payment collection strategies, improving customer experience and customer assistance), and the direct marketing of the Lender’s existing and prospective financial services as well as the products and services of its Partners; (iii) for fraud detection, investigation, and prevention; (iv) for all phases of provisioning the products and services that the Borrower may apply for including evaluation of loan applications, its automated processing, complying with eKYC (Know Your Customer) regulations required by the Securities and Exchange Commission, Bangko Sentral ng Pilipinas, and the Anti-Money Laundering Council, credit verification, credit scoring, and payment collection.
• With certain authorities in order to detect and prevent terrorism (including to authorities outside the Philippines);
• With any person to whom we sell or transfer (or enter into negotiations to sell or transfer) our business or any of our rights or obligations under any agreement we may have with you. If the transfer or sale goes ahead, the transferee or purchaser may use your personal information in the same way as us;
• With regulatory agencies and government authorities (including but not limited to, the Bangko Sentral ng Pilipinas, the Bureau of Internal Revenue, the National Bureau of Investigation, the Office of the Ombudsman), including those overseas, where we are requested by them to do so;
• With credit bureaus or any similar organization which provides a centralized application matching service that collects information from and about mortgage and/or credit applications, for the purpose of preventing and detecting fraud. We may also provide information to third parties to help them to make decisions about whether to lend to you, allow you extended payment terms or otherwise do business with you.

• Search credit bureaus’ records (including information from overseas);
• Make, or assist in making, credit decisions about you, assess lending (and insurance risks and to check the details that you have let us and others have;
• Operate and manage your account and manage any application, agreement or correspondence you may have with us;
• Carry out, monitor and analyze our business;
• Contact you by email, SMS, letter, telephone or in any other way about our products and services, unless you tell us that you prefer not to receive marketing;
• Identify, prevent, detect or tackle fraud, money laundering, terrorism and other crimes;
• Form a view of you as an individual and to identify, develop or improve products, that may be of interest to you;
• Carry out market research, business and statistical analysis;
• Provide information to independent external bodies such as governmental departments and agencies, universities and similar to carry out research;
• Carry out audits;
• Perform other administrative and operational purposes including the testing of systems;
• Trace your whereabouts;
• Recover any debt you owe us;
• And comply with our regulatory obligations.

Your data may also be used for other purposes for which you give your permission or where we are permitted to do so by law or it is in the public interest to disclose the information or is otherwise permitted under Philippine Law.

When you apply to us for a loan, we will check the following records about you (and others where applicable):

• Our own, including information and records you supplied to us or authorized us to collect; and
• Those at credit bureaus.

Whether or not your application is successful, when credit bureaus receive a search from us, they will place a search footprint on your credit file that may be seen by other lenders. Large numbers of applications within a short time period may affect your ability to obtain credit. This is applicable whether you have been accepted or declined.

The credit bureaus supply us with both public information and shared credit and fraud prevention information including information about previous applications and the conduct of your accounts.

We may also make periodic searches at credit bureaus to manage our relationship with you.

Information provided by you on our applications will be sent to credit bureaus and will be recorded by them. We and other organizations may access and use this information to prevent fraud and money laundering and credit bureaus may use your information for statistical analysis. Information held by credit bureaus will be disclosed to us and to other organizations in order to (for example):

• Prevent fraud and money laundering and to check and assess applications for credit, credit related or other facilities;
• Recover debts that you owe and trace your whereabouts;
• Manage credit accounts and other facilities and decide appropriate credit limits;
• Verify your identity;
• Make decisions on credit and other facilities for you, your financial associate (s), members of your household or your business;
• Check details on proposals and claims for all types of insurance;
• Check details of job applicants and employees.

When you borrow from us, we will give details of your loan and how you manage it to the credit bureaus. If you borrow and do not repay in full and on time, the credit bureaus will record the outstanding debt and, in some cases, the length of time that the debt remains outstanding; other organizations may see these updates and this may affect your ability to obtain credit in the future.

If you fall behind with your payments and a full payment or satisfactory proposal is not received, then a default notice may be recorded with the credit bureaus. Any records shared with credit bureaus will remain on file for a retention period after your account is closed, whether any outstanding sums have been settled by you or as following a default.

If you give us false or inaccurate information and we have reasonable grounds to suspect fraud or we identify fraud, we may record this and may also pass this information to organizations involved in crime and fraud prevention including law enforcement agencies who may then access this information.

We and other organizations may access and use the information recorded by fraud prevention agencies from other countries.

We will hold your personal data and records for as long as necessary for the fulfillment of the above-stated purposes and uses or for the establishment, exercise or defense of legal claims, or for legitimate business purposes, or as may be provided by law.

In the event that your personal data are no longer required to be retained, such data will be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public, or that would prejudice your interests.

Under the DPA, you have the following rights as a data subject:

• You have the right to indicate your refusal to the collection and processing of your personal data. You also have the right to be informed and to withhold your consent to further processing in case there are any changes or amendments to information given to you. Once you have notified us of the withholding of your consent, further processing of your personal data will no longer be done, unless (i) the processing is required pursuant to a subpoena, lawful order, or as required by law; or (ii) the collection and processing is pursuant to any lawful criteria indicated under the terms of this Policy.
• You have the right to reasonable access to your personal data. Furthermore, you have the right to limit and prevent disclosure of your personal data and to receive notification of any possible breaches of your personal data.
• You may also correct or remove any information that you think is inaccurate. You have the right to dispute any inaccuracy or error in your personal data. You may request for the correction or removal of any inaccuracy or error in your personal data by logging into your account or making a formal request with our Data Privacy Officer.
• You have the right to the destruction of your personal data;
• You have the right to damages; and
• You have the right to lodge a complaint with the NPC.

If you would like to make any request in relation to your rights as a data subject, please contact our Data Protection Officer (“DPO”) with the contact details listed below. Please note that the exercise of some of your rights as a data subject is subject to review and may result in the denial of any application currently pending.

Our site may contain links to third party websites. If you follow a link to any of these websites, please note that these websites have their own terms and privacy policies and that we do not accept any responsibility or liability for them.

Our Web site includes Social Media Features such as the Facebook Like button. These Features may collect your IP address, which pages you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted on our Site. Your interactions with these Features are governed by the privacy policy of the company providing it.

We may make changes to this Privacy Policy from time to time (without notice to you) that are necessary for our business requirements or the law. We encourage you to visit this page from time to time to ensure you have read our most current Privacy Policy.

The Data Protection Officer (DPO) is the individual principally responsible for ensuring that FDFC complies with all applicable laws and regulations for the protection of data privacy and security. The DPO is likewise responsible for the supervision and enforcement of this Policy. You may reach the DPO via the following contact information:

Data Protection Officer

℅ FIRST DIGITAL FINANCE CORPORATION

9th Floor T.M. Kalaw Center Building,

667 T.M. Kalaw Ave., Ermita, Manila

Tel. No. (02)53203051

email add.: [email protected]

If you have any questions, concerns or complaints about this Privacy Policy, or our use of your personal information, please email us at [email protected] .