DIGIDO FINANCE CORP.
Digido Finance Corp. (DFC) is committed to protecting the privacy of its data subjects, and ensuring
the safety and security of personal data under its control and custody. This policy provides information
on what personal data is gathered by DFC about its current, past, and prospective clients and
employees; how it will use and process this; how it will keep this secure; and how it will dispose of it
when it is no longer needed.
This information is provided in compliance with the Philippine Republic Act No. 10173, also known as,
the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets
out DFC’s data protection practices designed to safeguard the personal data of individuals it deals with,
and also to inform such individuals of their rights under the Act.
This Data Privacy Notice and Consent Form may be amended at any time without prior notice, and
such amendments will be notified to you in via DFC’s website or by email.
DFC collects, stores, and processes personal data from its current, past and prospective clients and
employees, starting with the information provided at application and to information collected
throughout the whole course of the transaction by the client or in the course of their employment or
engagement by the employee or consultant with DFC and its affiliates and/or subsidiaries. This will
include but not limited to the following:
DFC may also collect, store, and process personal data and information of persons in the data subject’s
contact list in his or her mobile device, whom he or she nominated as her reference and/or guarantor,
for proper identification and verification of data subject’s identity, fraud prevention, credit scoring and
credit verification to establish credit worthiness of the data subject, and compliance to the Anti-Money
Laundering and Terrorist Prevention Laws of the Republic of The Philippines. The disclosing data
subject may be requested to give consent in sharing the personal data of those persons in his contact list,
and may include but not limited to personal data such as name, mobile number, relationship with the
disclosing data subject, residence and email address, and employment details. For this, it is the
obligation of the disclosing data subject to inform the nominated reference and/or guarantor and obtain
the appropriate consent of the latter.
Relative to the immediately preceding paragraph, data subject is also informed that DFC may make and
manage phone calls for proper identification and verification of data subject’s identity, fraud
prevention, credit scoring and credit verification to establish credit worthiness of the data subject,
compliance to the Anti-Money Laundering Laws of the Republic of The Philippines, and enhance user
experience of data subjects.
Furthermore, data subjects may also allow DFC to access the mobile devices location for purposes of
fraud prevention and detection, compliance to the Anti-Money Laundering and Terrorist Prevention
Laws of the Republic of The Philippines, and enhancement of user experience of data subjects.
For DFC Clients
- Contact information, such as, name, addresses, telephone numbers, email addresses and other contact details;
- Personal information, such as date and place of birth, nationality, immigration status, religion, civil status, company ID, government-issued IDs, web information, recommendations and assessment forms from present and previous employees, etc.
- Demographic and lifestyle information of the client;
- Information DFC receives when making a decision about the data subject, data subject’s loan or application (including information collected from credit bureaus or other sources), details of the loans the data subject have and have had with us and all transactions, details of when the data subject contacted DFC and when the latter contacted the data subject, mobile device data (such as SIM, IMEI, or other device identifiers type of device, device operating system, device settings, user account information for your mobile device or Google PlayStore account, information about mobile network provider, device specifications), location data (such as mobile device location, time zone setting); phone data (such as contact lists and metadata, SMS metadata, types and nature of mobile applications found on your mobile device), mobile app usage data (such as traffic volume, mobile app usage) and telecommunications usage data or “telco usage score,” and any other information which DFC reasonably need to operate data subject’s account, make decisions about the data subject or fulfil our regulatory obligations.
- Disclosures on family background, including information on parents, guardians, siblings, related DFC stockholders, directors, and/or employees, etc.
- Photographic and biometric data, such as, photos, CCTV videos, fingerprints, handwriting and signature specimens
- Employment Records, educational data, including data gathered using third party online tools or sourced from third party service providers;
- Financial data including but not limited to the disclosures from BAP, NFIS, CIC and other credit unions or reporting agencies, and/or transaction records/history with banks and/or other financial institutions;
- Records regarding their previous and pending court cases, if there are any;
- Health records, psychological evaluation results, disciplinary records, and physical fitness information;
- Contact information of the client’s reference and/or guarantor. The data to be collected shall include but not limited to the following: including but not limited to the following personal data: name, address, phone numbers, email, employment, and his/her connection with the client;
- Other personal and/or sensitive personal information, which was disclosed to DFC through transaction;
For DFC Employment Applicants, Employees and/or Consultants
- Contact information, such as, name, addresses, telephone numbers, email addresses and other contact details;
- Personal information, such as date and place of birth, nationality, immigration status,
religion, civil status, government-issued IDs, web information, recommendations and
assessment forms from present1 and previous employees, etc.;
- Disclosures on family background, including information on parents, guardians, siblings,
related DFC stockholders, directors, and/or employees, etc.;
- Photographic and biometric data, such as, photos, CCTV videos, fingerprints, handwriting
and signature specimens;
- Employment Records, educational data, including data gathered using third party online
tools or sourced from third party service providers;
- Financial data including but not limited to the disclosures from BAP, NFIS, CIC and other
credit unions or reporting agencies, and/or transaction records/history with banks and/or
other financial institutions;
- Records regarding their previous and pending court cases, if there are any;
- Health records, psychological evaluation results, disciplinary records, and physical fitness
- Contact information of the employees employment reference, including but not limited to the
following personal data: name, address, phone numbers, email, employment details, and
his/her connection with the client;
- Other personal and/or sensitive personal information, which was disclosed to DFC at any
stage of the application or employment;
Channels of Data Collection
DFC shall collect information about the data subject in the following ways:
- Information that the data subject provided DFC through communications with DFC
employees or its application;
- Information that the data subject authorized DFC to collect through its applications, such as
photographs obtained via access to data subject’s smartphone camera or photo gallery, phone,
email, or social media contact lists and metadata for the purpose of KYC and preventing
fraud, or credit scoring and/or verification;
- Information from outside sources such as credit bureaus and customer service providers to
help us with customer verification and credit-related decisions.
Use of Information
The collected personal data is used solely for the following purposes:
- Processing of credit application of client and confirmation of the identity of prospective
client and their reference or guarantors;
1 Applicable to applicants or shortlisted candidate
- Processing of credit application, including verification and confirmation of all disclosed
personal and sensitive information;
- Conduct of the ‘Know Your Client’ exercises to establish and verify the identity of the
prospective client, prevent and/or detect possible attempts to commit fraud and other related
criminal offenses, credit scoring, credit verification, and comply with the regulations of the
Anti-Money Laundering Council;
- Analyze disclosed personal data of the data subjects and data subject’s reference or
guarantor/s, to be able to craft products and services tailored the needs and requirements of
the data subjects;
- Verifying authenticity of financial and personal records and documents
- Analysis, validation and evaluation of the financial documents, to establish credit worthiness of the client and determine potential risks. This includes sharing of client’s personal data and sensitive personal information to Third-Party Service Providers (TPSPs) such as JuicyScore (https://score.jcsc.online/), for risk profiling, risk scoring, identity verification and validation, and fraud detection and/or prevention, using automated-identity verification systems. TPSP such as JuicyScore uses these shared personal data and sensitive personal information, for and in behalf of DFC, only for the purposes specified in the Service Level Agreement and as described herein, to which the existing and prospective clients consents. JuicyScore and all other TPSPs DFC contracted to process personal data and/or sensitive personal information shall not keep, retain, and/or maintain DFC’s existing and prospective client’s personal data or sensitive personal information DFC shared to them;
- Facilitate and complete the transaction applied, share it within our group of companies and
offer the clients products suitable or relevant to their requirements and/or profile;
- Protect personal information and sensitive personal information disclosed to secure accounts
from fraud and other illegal activities;
- Perform legal and regulatory duties to further improve due diligence in anti-money
laundering and counter-terrorism efforts as well as other mandatory and required activities
by the law or regulations by our supervising agencies;
- Settle claims or disputes involving DFC’s products and services. The personal data or
sensitive personal information may also be used for prosecuting or defending DFC or its
employees when needed;
- Share or disclose personal data and/or sensitive personal information to third-party service
provider, as may be required by law, regulation, or by a court order;
For Employment Applicants and Employees
- DFC uses employee data for variety of personnel administration, work and general
management purposes, such as administration of compensation and benefits, performance
evaluation and reviews, learning and development, promotion and succession planning and to
maintain efficient and effective records management;
- DFC may also use your information in confidential references in connection with your
applications for employment (eg. data verification of school credentials and previous employers)
or further education or financial references; and where an employee is undertaking a further study
or training which DFC has paid for, or made a financial contribution towards specific information
on such member of employee’s professional growth and development and achievement;
- DFC may also use your information in order to publicly recognize your achievements,
accomplishments and celebrations. Should you wish to opt out for this purpose, please contact the
People and Culture Department;
- DFC may also use your information to further enhance the policies, programs, compensation
and benefits regime, and other services offered by the People and Culture Department;
- DFC may also share your information with third party contractors who perform services on
our behalf, such as reviewing and developing our business systems, procedures and infrastructure
(including testing or upgrading our computer systems), the provision and administration of legal
and accounting advice, insurance, retirement funds, and employee benefits. Finally, for human resources purposes DFC may also share your information with the client(s) to whom you may be
or are assigned to perform services;
- DFC may also share your information with other credit unions, government agencies and
other regulatory bodies such as but not limited to accrediting agencies for the verification of your
personal data held by the Corporation;
- DFC may also share your information with banks, financial/credit companies, and other
institutions conducting character or background investigation.
All personal data and information collected and/or were disclosed by the data subjects by reason of
their application, transaction, and/or any interaction with the Corporation will be uploaded and stored
on our server (https://api.unacash.com.ph), and will not be shared with any third party.
DFC will not share your personal data with third parties unless necessary for the above-mentioned
purposes and unless you give your consent thereto. Such third parties may include DFC’s business
units, subsidiaries, affiliates, agents, outsourced service providers and other third parties.
We engage outsourced service providers to support us in delivering services to you. Our third parties
include government regulators, judicial, supervisory bodies, tax authorities or courts of competent
jurisdiction. We engage third parties for the following reasons:
- Verify your personal information
- Assist in business operations
- Comply with legal requirements
- Addressing fraud, security or technical issues, to respond to an emergency or otherwise protect the rights, property or security of our customers or third parties
- Carrying out all other purposes set out above
Personal data shared with third parties shall be covered by the appropriate agreement to ensure that all
personal data is adequately safeguarded.
DFC does not, will not, sell personal data to any third party. All our engagements with third parties
shall be fully-compliant with our obligation of confidentiality imposed on us under applicable
agreements and/or terms and conditions or any applicable laws that govern our relationship with you.
Personal data under the custody of DFC shall be disclosed only to authorized recipients of such data.
Otherwise, we will share your personal data with third parties only with your consent, or when required
or permitted by our policies and applicable law, such as with:
Where DFC consider it necessary, indispensable or appropriate, for the purposes of data storage,
enhanced security, account processing, providing any service or product on our behalf to you, or
implementing new or enhanced system for our products and services, we may transfer the custody of
your personal data to third parties within or outside of the Philippines, under conditions of
confidentiality and similar levels of security safeguards.
DFC strictly enforces data privacy and information security policies. It implements technological,
organizational and physical security measures to protect your personal data against loss, misuse,
modification, unauthorized or accidental access or disclosure, alteration or destruction. We put
safeguards such as the following:
- We keep and protect data using a secured server behind a firewall, deploying encryption on
computing devices and physical security controls
- We restrict access to your personal data only to qualified and authorized personnel who hold
your personal data with strict confidentiality
- We train our employees to properly handle your data and
- We require our third parties to protect personal data aligned with our own security standards.
We continue to implement organizational, administrative, technical, and physical security measures to
safeguard your personal data. Only authorized personnel have access to your personal data, the
exchange of which is facilitated through internal shared servers, email, and paper files.
Should third parties need access to your personal data, we require some form of data sharing agreement
with them, in compliance with the DPA and the DPA-IRR.
The hard copy of the documents submitted to DFC and its digital files are securely stored: employing
physical security in its principal place of business to safeguard the paper files and technical security to
protect the digital files.
Retention of Information
DFC stores personal data and sensitive personal information in a data center (on premise and cloud)
and physical document storage facilities.
It retains personal data only according to its operational needs and in compliance with legal and
regulatory purposes or requirements. DFC’s data retention and disposal policy is in accordance with
R.A. 9470 (National Archives of the Philippines Act) and AMLC and/or BSP regulations, if
applicable. In general, DFC shall only retain your personal data and sensitive personal information for
five (5) years after the processing relevant to the purpose has been terminated. However, DFC may
retain your data when necessary to establish, exercise or defend legal claims, for legitimate business
purposes, or when provided by law.
In compliance to NPC Circular No. 20-01, data subjects are given the option to disable features and
functionalities relating to disclosure of personal data of reference and/or guarantors within the mobile
app/platform, after the completion of the processes, where such personal data or information was
collected. However, notwithstanding the aforementioned provisions of the law, DFC has the right to
continue processing information about a person even without his consent in cases where this is
necessary to protect the life, health or other vital interests of the data subject, the operator or third
parties or where it is directly enshrined under Sec. 13 of the Data Privacy Act of 2012.
Completeness and Accuracy of Personal Data and Sensitive Personal Information
Data subjects should ensure that personal data submitted to DFC is complete, accurate, true and correct.
Failure on your part to do so may result in our inability to provide you with products and services you
have requested. Data subjects should inform DFC immediately of any change of facts or circumstances
which may render any personal data or information previously provided inaccurate, untrue, or incorrect
and provide any information or documentation DFC may reasonably require for the purposes of
verifying the accuracy of the updated information or personal data.
DFC strongly encourage data subjects to be vigilant in protecting your personal data by ensuring that
their account details, PINs, username and password are secured and not disclosed to others or written
somewhere accessible to others. DFC advises the data subjects to exercise caution in protecting
themselves against phishing, skimming and other electronic fraud and to remain alert for suspiciouslooking offers, pretending or representing from the Corporation. DFC advises its clients that DFC will
only communicate through its official channels and applications.
Rights of the Data Subjects
Under the Data Privacy Act, data subjects have the following rights:
a) Right to be informed;
b) Right to object;
c) Right to access;
d) Right to rectify or correct erroneous data;
e) Right to erase or block;
f) Right to secure data portability;
g) Right to be indemnified for damages; and
h) Right to file a complaint.
DFC’s decisions to provide access, consider requests for correction or erasure, and address objection to
process data as it appears in its official records, are always subject to applicable internal policies,
relevant laws and regulation.
For further inquiries or complaints, please visit our website at https://www.unacash.com.ph or get in
touch with our Compliance Department at (02) 8539-2143 loc. 4002 or 4004 or email us at
Data privacy requests and concerns
For data privacy requests and concerns, you may write to our Data Protection Officer at
Data Protection Officer.
Digido Finance Corp.
15/F IBP Bldg., Jade Drive
Ortigas Center, San Antonio
1605 Pasig City
Changes in the Data Privacy Notice
DFC may amend this Data Privacy Notice in whole or in part to ensure that it is consistent with
industry trends, legal and regulatory requirements applicable to how we handle your personal data and
to ensure better protection of your personal data or information. Relevant updates will be posted on
The submission of personal data and information by the data subject to DFC signifies that he or she
have read and understood the above Privacy Notice and expressly agree and give his or he consent to
the processing of his or her personal and/or sensitive personal information in the manner and for the
purpose provided in this Notice. The data subject understands and accepts that this will include access
to personal data and records submitted, which may be regarded as personal and/or sensitive personal
data as provided under the Data Privacy Act of 2012.
DFC is also authorized to disclose the data subject’s data to accredited/affiliated third parties or
independent/non-affiliated third parties, whether local or foreign, in the following circumstances:
- As necessary for the proper execution of processes related to the declared purpose;
- The use or disclosure is reasonably necessary, required or authorized by or under law; and
- Provided security systems are employed to protect the personal data or information;
For complete reference on the Data Privacy Act, please visit the National Privacy Commission website