G-XChange, Inc. Data Privacy Notice

We, in G-XChange Inc. (“GCash / GXI”), value and respect the privacy as well as the security and protection of our customers’ personal data including the personal data of our partners and employees.

This Policy sets out to inform our customers and other owners of personal data of our adherence to the privacy principle of: transparency, legitimate purpose, and proportionality, and such other relevant requirements in the collection, processing, storage, transmission and retention of personal data as required by applicable privacy laws that specifically include the Philippine Data Privacy Act of 2012 (“DPA”), and its implementing rules and regulations (“DPA IRR”). This also outlines how GCash collects and processes your personal information during the use of GCash’s platforms such as but not limited to the GCash  app and website.

We may update this Privacy Policy to reflect needed changes in our policy to comply with the law. In such cases, we encourage you to check for updates on our Privacy Policy, if notified. This is available in our website or app for your information and reference.

I. DESCRIPTION OF SERVICE

As an electronic financial platform, we established the following line of services: 

  • Everyday transfers and payments – send money, remittance, bills payment, bank transfers
  • Financial services – save money, invest money, credit, etc.
  • Cash-in flows – payroll, bank debit, remittance (receive money), partner outlets
  • Lifestyle services – shop online, book movies, QR payments, vouchers, etc

II. THE PERSONAL INFORMATION WE COLLECT

Personal Data we collect may either be Personal Information (PI) and/or Sensitive Personal Information (SPI):

Personal Information (PI) is any information from which the identity of an individual can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual, such as: name, date and place of birth, specimen signature or biometrics (fingerprint, face recognition, palm print, etc.), photo, present and permanent address, source of fund or income, name of employer or the nature or self-employment or business, contact details such as personal telephone number, personal mobile number and personal email address, mother’s maiden name, cookie information, user credentials (i.e. username and password, PIN/MPIN, etc.), contacts list, geolocation, and information about the device you use to interact with us.

Sensitive Personal Information (SPI) is any information that falls under the category of personal information with higher security impact as described in applicable privacy law. This information includes but not limited to: marital status, cardholder data (CVV/CVC, Expiry Date), tax returns, government issued numbers peculiar to an individual (ex. SS, GSIS, UMID, etc.)  information on IDs issued by private companies that are duly registered with the Securities and Exchange Commission, and student IDs for those who are not yet of voting age (below 18 years old). 

III. METHOD AND TIMING OF COLLECTING PERSONAL INFORMATION

We collect your Personal Data when you:

  • register and get verified to GCash through web and mobile application 
  • use our the GCash service through different channels 
  • provide us with supporting documents to validate your identity;
  • disclose your personal information through phone calls, emails, SMS or verbal communication with our authorized representatives; and,
  • visit and contact us through our official websites

We also collect your information through our partners enrolling you as their employees, members and suppliers among others for payment disbursements.

IV. PURPOSES OF COLLECTED PERSONAL INFORMATION

We collect your Personal Data, without limiting the generality of the purpose, to facilitate your transaction needs and avail of our products and services, among others:

  • Enhance your customer experience and improve, develop and determine tailored products to meet your preferences and needs; 
  • Communicate relevant products and/or advisories;
  • Send relevant ads on and of our services, and measure the effectiveness and reach of ads services;
  • Abide by any safety, security, public service or legal requirements and processes, as may be necessary; and
  • Process information for statistical, analytical, and research purposes to create anonymous and aggregate reports

We collect your Personal Data to the extent necessary to comply with the requirements of the law and legal process, such as a legal and regulatory obligation, i.e. Bangko Sentral ng Pilipinas (BSP) and Anti-Money Laundering Act (AMLA).

When required by our Privacy Policy and the law and before we use or process your Personal Data for any other purpose, we will ask for your consent.

V. STORAGE AND TRANSMISSION OF PERSONAL INFORMATION

We ensure the presence of reasonable and appropriate physical, technical and organizational privacy and security measures to protect against any threat to the confidentiality, availability and integrity in the processing of your Personal Data. 

Security measures directed to ensure the confidentiality, integrity, and availability of Personal Data being collected and processed include but are not limited to: backup solutions, access control and secure log files, encryption and data disposal and destruction policy.

VI. THIRD PARTY TRANSFER

We provide your information to our accredited third parties, who we engage with to support our business and are likewise bound by obligations to keep your Personal Data confidential and to use them only for purposes for which we disclose it to them.

When there is a need for us to store your Personal Data with a third party, we use contractual arrangements to ensure that those providers take appropriate measures that are aligned with our Data Privacy and Information Security Policies.

Additional third parties to whom we may share your Personal Data are regulatory government agencies where we are bound to comply with reportorial and information submission requirements.

We may also disclose your Personal Data to our third party Affiliates and Partners for marketing research and other specified legitimate purposes only after obtaining your consent on such data sharing. In instances where we are to share your Personal Data with other parties, we will ensure that your Personal Data will be secured and protected under the terms of a Data Sharing Agreement made with the parties that can demonstrate sufficient organizational, physical and technical security measures to protect your Personal Data.

In relation to the disclosure of and release of your Personal and/or Non-Personal Information, you hereby consent that your Personal and/or Non-Personal Information may be collected, deposited, kept, transferred, processed, or otherwise dealt with in another jurisdiction which may be outside of the Philippine jurisdiction where GCash, its subsidiaries and affiliates, and third party partners may maintain their facilities and resources, in providing the GCash Services.

VII. RETENTION PERIOD

We will keep a copy of your registration and transaction records for 5 years after closure of your account in adherence with the requirement of the BSP and other laws and regulations. Your Personal Data will be destroyed in irretrievable and unusable form in adherence with our physical and/or technical information security measures when retention is no longer required with respect to existing laws, rules or regulation.

VIII. RIGHTS OF DATA SUBJECT

We value and respect your rights afforded to you in terms of the privacy of your Personal Data under the Data Privacy Act of 2012. 

This privacy notice is part of our demonstration of keeping your right to be informed that we collect, process, use and share. With regard to your right to access, we can provide you the Personal Data you have entrusted us, provided that such information is not deemed confidential or proprietary by GCash, or that your request for Personal Data is reasonable and with lawful reason.

You have the right to suspend, withdraw, or order the blocking, removal, or destruction of your Personal Data in our processing systems upon discovery and substantial proof that your Personal Data is no longer necessary for the purpose or purposes for which it was collected, and for such other cases provided in the Data Privacy Act of 2012. We will mark your account in our database as “inactive “or “deactivated” but will have to retain your account information in our systems in compliance with the retention period as prescribed by another law, the Anti-Money Laundering Act.  

When you feel that the Personal Data we hold about you is not complete or updated, we have provided you with a self-service facility within the GCash App for you to update your data in your User Profile in relation to your rights to rectification. 

You have the right to seek indemnity for damages sustained, if any, due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your Personal Data. 

Should you feel that there has been mishandling or misuse of your Personal Data, or that any of your privacy rights have been violated, you may email us at gxi.dataprivacy@mynt.xyz

For other GCash related concerns and inquiries concerning the processing of your Personal Data, you may reach us out through the following official channels:  GCashHelp Center (available in app and online at help.gcash.com), 2882 (GCash Support Hotline)

Version: 

This Policy, and any updates, amendments or supplements thereto, is available at GCash’s website at  (https://www.gcash.com/privacy-notice/20200727).

Last updated: July 27 2020