The objective of this statement is to explain how we collect, use, share, retain, dispose, and protect your personal data and how we enable your rights under the Data Privacy Act of 2012 (DPA).
We at G-Xchange Inc. (GCash/GXI) are committed to ensuring that your privacy is secured and protected. We respect your right to know how we process and protect your personal data, which is why we are providing this notice.
We collect your personal data, without limiting the generality of the purpose, to facilitate your transaction needs and avail yourself of our products and services. These include the following:
Further, we collect your personal data to the extent necessary to comply with the requirements of the law and legal process, such as legal and regulatory obligations under the Anti-Money Laundering Act (AMLA) and Bangko Sentral ng Pilipinas (BSP) issuances; or to prevent imminent harm to public security, safety or order.
We also need your personal data for statistical, analytical, and research purposes to generate anonymous and aggregated reports.
When required by our Privacy Policy or the law, we will ask for your consent before we process your personal data.
The personal data we collect about you may either be personal information (PI) and/or sensitive personal information (SPI):
There are many ways by which we collect your personal data
Collection of your personal data relies to the fullest extent possible on the original source.
In cases where we might need to share your personal data, we do it in a secure manner and in compliance with the standard security and technical measures and requirements of the DPA. As part of our organizational security measure, we enter into data privacy agreements to ensure that recipients of your personal data implement reasonable and appropriate organizational, physical, and technical measures.
As part of our operations and the delivery of our offered products and services, there may be times when we are required to disclose your personal data to the following parties:
In accordance with law, we will use your personal data for as long as necessary to satisfy the purposes for which they were collected or to comply with applicable legal requirements. For the avoidance of doubt, we will only keep a copy of your records based on the assigned retention period per type of record below:
Your personal data will be destroyed in an irretrievable and unusable form in adherence to our physical and technical security measures, which are consistent with industry standards. We will initiate disposal as soon as retention is no longer required by existing laws, rules, or regulations.
For paper records containing personal data, they will be securely disposed of through the process of cross-cut shredding. Meanwhile, personal data stored in tapes, hard disks, and other forms of electronic media, will be destroyed such that it will be completely unreadable and cannot be accessed or used for unauthorized purposes through secure wipe solution.
We recognize the risks involved whenever we process your personal data so that you can establish an e-wallet and avail yourself of various GCash-enabled services. These risks include account takeovers, social engineering, hacking, and others. Considering these risks, we deploy a variety of security measures to protect your personal data, whether in paper or electronic format. In particular, we take reasonable steps to secure your personal data from misuse, interference, loss, unauthorized access, modification, and unauthorized disclosure by implementing security measures within GCash, such as:
We establish and enforce additional applicable organizational, physical, and technical security measures that are aligned with industry-recognized standards.
When there is a need for us to store your personal data with a third party data storage provider, we use contractual arrangements to ensure that those providers take appropriate measures that are aligned with our Data Privacy and Information Security Policies.
In addition to the security measures we implement to protect your data, we advise you to stay vigilant and always protect your credentials. Please inform us right away if you think your credentials have been compromised or you became susceptible to the kinds of risks we mentioned earlier. Never share your MPIN or OTP. To learn more about how you can protect your GCash Account, please visit our Help Center.
We may arrive at a decision by automated means without any human involvement (otherwise known as automated decision making), especially when we evaluate your information to get a sense of your profile as a customer. We perform customer profiling by way of evaluating, analyzing, or predicting your financial preferences, reliability, and behavior. This involves assessing your transaction history, repayments, and account balances in order to predict when you might want to increase an existing credit capability.
You may ask us not to make decisions about you that are based solely on automated processing by exercising your rights. If you do this, certain products and services may not be offered to you.
Under the DPA, you have certain rights regarding the personal data that we hold about you. These rights include the following:
We will process all your requests for access, correction, or data portability involving your personal data unless there are legal reasons that would prevent us from doing so. You have the right to ask for a copy of any personal data we hold about you, as well as the right to ask for its correction if you think it is wrong.
As we care about what you think, your feedback, and your requests, you can reach us via email gxi.dataprivacy@mynt.xyz (Data Protection Officer) and/or phone 2882 (Customer Care).
We will update this notice from time to time so that we can give you the most up-to-date information concerning the security of your personal data, as well as to keep responsive to data privacy requirements and technology security advancements. We encourage you to check this page regularly to ensure that you remain updated and pleased with any changes we made.