Growsari for Candidates
Growsari for Sari-Sari Stores

SARIPAY PRIVACY POLICY

PLEASE READ THIS END USER SOFTWARE LICENSE AGREEMENT (“LICENSE”) CAREFULLY BEFORE CLICKING THE “ACCEPT” BUTTON OR DOWNLOADING OR USING THE SARIPAY MOBILE APPLICATION (“APPLICATION”) ACCOMPANYING THIS LICENSE. 

BY CLICKING THE “ACCEPT’ BUTTON OR DOWNLOADING OR USING THE APPLICATION, YOU ARE ENTERING INTO AND AGREEING TO BE BOUND BY THE TERMS OF THIS LICENSE.

IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE, DO NOT CLICK THE “ACCEPT” BUTTON OR DOWNLOAD OR USE THE APPLICATION.

We, at Saripay, value your right to privacy and we are committed to inform you of what data we collect and how we process and protect your information.

We collect data which includes, but not limited to, phone number, and installed application information and transmit the data to a third party to enable fraud-detection services to prevent fraudulent transactions.

By creating and using your account, you accept the Saripay Terms and Conditions, and Privacy Policy.

Introduction

At G2M Financing Corporation (Saripay), your privacy is important to us. As a commitment to protect your privacy, we have developed this Privacy Policy in accordance with the Data Privacy Act of 2012 (DPA), its Implementing Rules and regulations (IRR), other issuances of National Privacy Commission (NPC) and other relevant laws of the Philippines. This Privacy Policy provides the users an understanding on what personal information is collected, how it is used, shared, and retained, and what you can do to exercise your rights provided under the DPA.

Personal data refers to all types of personal information, sensitive personal information and privileged information. Personal information refers to “any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual”. Common examples of the same would be a person’s name, address and contact information.

By registering an account with us and using our Services, you acknowledge and agree to the conditions, requirements and/or policies indicated in this Privacy Policy, and thus give consent to the collection, use, sharing/disclosure and processing of your personal data as described herein. 

Why do we collect your personal data?

We collect your personal data and your customer’s (SUKI’s) personal data to enable us to achieve our purpose and vision of supporting the MSME network with working capital loans, cash management, remittances, and similar products. Its policy is to provide financial assistance to the community of Sari-sari store and other MSME owners in the Philippines. We also collect your personal data to enable us to comply with regulatory requirements being observed by  Saripay as an employer, controller, processor, and third party.

In general, we are using your data for any of the following purposes:

  • For you to have a better online experience;
  • For you to avail of our services and for us to identify and contact you, verify and confirm your transaction,  including the issuance of receipts and other proofs of transactions ;
  • Process your transactions in a secure manner
  • For you to create a Saripay account which enables you to:
    • Be part of the MSME community at Saripay,
    • Apply for financial assistance for your store,
    • Check the status of applications,
    • View past transactions/applications,
    • Make changes to your account information,
    • Update your account profile, 
  • For you to provide reviews in our products and services;
  • To provide customer service, monitor our quality and security, and provide services timely and efficiently;
  • To ensure security of your data through anti-fraud services and other security measures which may be provided by Growsari or third party providers;
  • To notify and update you (through call, or text) about our complimentary, commercial and promotional advertisements, loyalty and rewards offers, exclusive invites, discounts, surveys, and other direct marketing that we deemed relevant and beneficial to you based on your preference and interest initially provided to us or made aware of, with which you can opt-out anytime should you prefer not to receive these notifications;
  • To respond to specific complaints, inquiries, requests or to provide requested information;
  • To generate statistical insights;
  • To conduct research and analysis (through surveys or polls) in order to improve customer experience/satisfaction; 
  • To do credit scoring exercises; and
  • To improve the content of our Web sites and Saripay Mobile Application.
  • To comply with G2M obligations under law and as required by government organizations and/or agencies such as, but not limited to, the following: NPC, BIR, HDMF or Pag-IBIG, PhilHealth, SSS and so on;
  • To prevent or investigate any actual or suspected violations of our Terms and Conditions, fraud, unlawful activity and/or misconduct, relating to your use of our Services or connected thereto.
  • To comply with legal and regulatory requirements or obligations; and,
  • To perform such other processing or disclosure that may be required under law or regulations.
  • To share your personal data with third-party content providers or other third-party services in order for Growsari to provide its services and/or deems necessary for the proper execution of processes related to the declared purpose in this Privacy Policy

By registering as a user at the platform, you have the option to link other accounts : Growsari App (including GrowCoins), Facebook Messenger and Selected Bank Applications and Accounts, and E-Wallets thru Xendit.

You, as the user of Saripay, warrant that you have obtained the SUKI’s consent for us to collect their personal data for the purpose indicated in the terms and conditions of Saripay and of this Privacy Policy, and specifically for purpose of using the e-service of payment utility bills, purchase of telco load, send/receive remittances and other services included which are analogous to the same.

  • SariPay offers services through you to the Suki’s you provide services to and for that purpose, we capture, collect and process Suki personal information and details that are necessary and helpful to deliver those services. 

We may access the information you have provided in the said accounts in accordance with such provider’s policies and will manage the data in accordance with this Policy at all times.

What type of personal data we collect?

The types of personal data that we collect from you depends on the particular purpose for which you are submitting an application.

For sari-sari store owners who downloaded the Saripay Mobile Application (Application), G2M collects the following information:

  • Basic personal information such as your full name and store name;
  • Your contact details like store address and phone number;
  • Biometrics (fingerprint, face recognition, palm print, etc.);
  • Email address, gender, date of birth, store pictures
  • Sensitive personal information such as username, password, photo, credit card information, valid identification cards, and licenses,
  • Installed application-related information, including but not limited to information about your network and the people and accounts you interact with;
  • Mobile-related information such as mobile phone signal strength, type of mobile device you use, mobile device’s unique device ID, IP address, operating system, type of mobile internet browsers you use, and information about the way you use the Application; 
  • Transaction-related information, such as when you make apply for loans, respond to any offers, download or use applications from us;
  • Financial details for credit scoring purposes such as your sources of income, your credit history, and payment history; 
  • marketing and communications data, such as user preferences in receiving marketing from us and third parties, this includes your communication preferences and history of communications with us, our service providers, and other third parties;
  • usage and transaction data, including details about your searches, orders, the advertising and content you interact with on the Platform, and other products and services related to you, including data that would be for research purposes relating to services;
  • Information you provide us when you contact us for help.

For G2M employees, G2M collects the following information:

  • Basic personal information such as full name, nickname, home addresses, e-mail address, employment information, telephone, other personal contact numbers, username and password;
  • Sensitive personal information such as date of birth, age, occupation, and gender; and,
  • Other sensitive personal information and records such as, but not limited to, the following:
  • Photo,
  • Educational background,
  • Employment record,
  • Family background,
  • Spouse and children’s names,
  • Financial details (e.g., debit and credit card details),
  • Valid identification cards and licenses, and
  • Current salary, basic pay, statutory obligations such as HDMF or Pag-IBIG, SSS, PhilHealth and withholding tax, other benefits.

For job applicants, G2M collects the following information:

  • Basic personal information such as full name, nickname, home addresses, e-mail address, employment information, telephone, other personal contact numbers, username and password;
  • Sensitive personal information such as date of birth, age, occupation, and gender; and,
  • Other sensitive personal information and records such as, but not limited to, the following:
  • Photo,
  • Educational background,
  • Employment record,
  • Family background,
  • Spouse and children’s names,
  • Financial details (e.g., credit card details),
  • Current salary.

For Web site visitors, G2M collects the following information:

  • Your IP address,
  • The search terms you used, 
  • The pages and internal links accessed on our site,
  • The date and time you visited the site,
  • Geolocation
  • Your operating system, and
  • Web browser type.

Please note that you are responsible for ensuring that all such personal data you submit through the site and Application is accurate, complete and up-to-date.

G2M reserves the right to require further documentation to verify your identity and the information you provide.

Who we share your personal data with?

As a general rule, we are not allowed to share your data to third parties except in circumstances as noted below.

By giving your consent, you authorize G2M to disclose your personal data to accredited/affiliated third parties or independent non-affiliated third parties, whether local or foreign in any of the following circumstances:

  • As necessary for the proper execution of processes related to the declared purposes in this Privacy Policy.
  • As required by law, such as to comply with a subpoena or similar legal process.
  • When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • With our trusted service providers who work on our behalf, do not have an independent use of the information we disclose to them and have agreed to adhere to the rules set forth in this privacy agreement.
  • If the Company is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email of any change in ownership or uses of this information, as well as any choices you may have regarding this information.

This means we might provide your personal data to the following:

  • Our affiliates, subsidiaries, partner companies, organizations, or agencies including their sub-contractors or prospective business partners that act as our service providers and contractors;
  • Law enforcement and government agencies;
  • All other third parties we deem necessary with which we share this personal data are required to use your personal data in a manner that is consistent with this Privacy policy.

However, these companies may only use such personal data for the purposes disclosed in this Privacy Policy and may not use it for any other purpose.

For Sari-sari Stores who agreed to be a GCash cash-in point, scan-to-pay site and GCash referrer, your personal information (store name, owner’s name, store address, longitude and latitude, mobile number) is shared to Globe Fintech Innovations, Inc. for the following purposes:

  1. To comply with BSP requirements and mandates
  2. To be included in the GCash app cash-in location, validation and settlement of onboarding, store performance tracking
  3. To get pulse ID
  4. For audit purposes
  5. For marketing purposes
  6. For whitelisting
  7. For validating promotions

Aggregated, anonymized data is periodically transmitted to external services to help us improve the Application and our service. We will share your information with third parties only in the ways that are described in this policy statement.

In instances where disclosure of your Personal Data is necessary to achieve the purposes set out in this notice, G2M will ensure that your personal data will be secured and protected under the terms of a Data Sharing Agreement. We will make sure that the third parties we deal with have sufficient and reasonable organizational, physical and technical security measures to protect your Personal Data.

What is our Privacy Policy regarding children?

G2M is very sensitive to privacy issues and we are especially careful in any communications with children. We would never collect personal data from children directly, without the parent’s consent. We do not use the Application to knowingly solicit data from or market to children, or anyone under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, he or she should contact us at dpo@saripay.com. We will delete such information from our files within reasonable time.

Meanwhile, we urge parents to regularly monitor and supervise their children’s online activities.

How we protect your personal data?

We, G2M, know the importance of securing your Personal Data, in paper and electronic format. We take reasonable steps to protect it from misuse, interference, loss, unauthorized access, modification, and unauthorized disclosure. In doing so, we have established and enforced an organizational, physical and technical security measures. We put in effect safeguards such as the following:

  • We store and protect your personal data using a secured server behind a firewall, deploying encryption on computing devices and physical security controls.
  • We restrict access to your personal data only to qualified and authorized personnel who hold your personal data with strict confidentiality. Only these authorized personnel can download your personal data from the Web site/Application.
  • Any personal data that you provide on the Web site/Application is initially processed and stored by G2M using a secured connection.

Please be aware that, although we endeavor to providing you with reasonable security for information we process and maintain, no security system can prevent all potential security breaches. It is equally important that you exercise caution to protect yourself from possible abuse. Be sure to use a strong password, not easily decipherable, to guard yourself against unauthorized access to your account. Always remember to sign-off after using shared devices.

Where and how long do we keep your personal data?

We will retain and keep the information we gathered from you in a cloud we subscribed from Amazon Web Services for such periods as may be required by applicable law or as may be needed to enable us to fully and efficiently achieve the purposes set out in this policy. Your Personal Data will be destroyed when retention is no longer required, or when you request your personal data to be deleted in the system. The information shall be destroyed in irretrievable and unusable form in adherence with G2M physical and technical security measures.

You can stop all collection of information by the Application easily by uninstalling the Application. You may use the standard uninstall process as may be available as part of your mobile device or via the mobile application marketplace or network. You can also request to opt out via email at dpo@saripay.com.

What if there are changes in our Privacy Policy?

This privacy policy may be updated from time to time when there are upgrades to the Web site, Application and our systems. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy on our Facebook page, Saripay Mobile Application and on our website, www.saripay.com. Any changes in this Privacy Policy will not be retroactively applied. We will not alter how we handle previously obtained personal data without getting your consent, unless required by law.

To the fullest extent allowed by law, your continued use of the Services or platform, including loan applications, the same shall be deemed as acknowledgement and acceptance on your part of any changes made to this Privacy Policy.

How can you access, correct and update the personal data we have about you?

Saripay respects your guaranteed privacy and security rights under the Data Privacy Act of 2012. Among others, you, as a data subject, have the right to request for access or correction of your Personal Data. You also have the right to ask for a copy of any Personal Data we hold about you. Should you want to exercise any of the rights enumerated under the Data Privacy Act, please do not hesitate to contact us. We will process your request subject to any contractual or legal impediments.

We care about what you think, and we are eager to help you with your data privacy concerns. You may reach us through our Facebook page, Messenger, “Contact Us” menu in this Web site/Application, or through an email to our Data Protection Officer (DPO) at dpo@saripay.com.

Data Privacy Consent Form

This is to grant consent on the general use and sharing of information obtained from me in the course of any transaction, between me and Saripay, its parent and affiliates and their respective representatives and agents and/or any of Saripay’s accredited third parties (collectively as “Saripay”). I acknowledge and agree that any authorized member of Saripay may share these data between them and such data may constitute my personal or sensitive personal information which includes the following:

  • Basic personal information such as full name, store name, store address, mobile contact number;
  • Sensitive personal information such as username, password, photo, credit card information, valid identification cards, and licenses;
  • Mobile-related information such as mobile phone signal strength, type of mobile device you use, mobile device’s unique device ID, IP address, operating system, type of mobile internet browsers you use, and information about the way you use the Application;
  • Transaction-related information, such as when you make purchases, respond to any offers, download or use applications from us;
  • Financial details for credit scoring purposes such as your sources of income, your credit history, and payment history;
  • Existence of some installed applications, such as Viber, Messenger, & Facebook, to be able to redirect you to our different communication channels faster; and
  • Information you provide us when you contact us for help.

Said data may be collected, processed, stored, updated, or disclosed by any member of the Saripay by physical, electronic or automated means and shared between and among them or to third parties for (i) regular business use such as marketing initiatives for sari-sari stores and Saripay, data collection and analytics, (ii) for legitimate purposes including but not limited to risk management, know your customer (KYC) checks, prevention and detection of fraud or crime, cross-selling, profiling, (iii) to provide services to me or implement transactions which I request, allow, or authorize, and, (iii) to comply with Saripay’s internal policies and its reporting obligations to comply with (a) Applicable Law, and internal policies or procedures, or (b) any demand and/or requests from any Government Authority for purposes of reporting, regulatory trade reporting, disclosure or other obligations under Applicable Law.

My consent authorizes members of Saripay to process, collect, use, store, or disclose my information between them and to other members, to Governmental Authorities, and to any third parties any third party, who acquires the rights and obligations of Saripay; who processes information, transactions, services or accounts on behalf of Saripay; or who requires the information for market research, product and business analysis, or for marketing or advertising activities by Saripay as may be necessary.

My information may continue to be collected, stored, processed and/or shared between and among members of Saripay for five (5) years from the conclusion of my transactions with them and any of their members or until the expiration of the retention limits set by applicable law, whichever comes later. Saripay shall immediately destroy or dispose in a secure manner any information the retention of which is no longer allowed under the said law.

I understand that I have the right to access, update, or correct certain personal information, or withdraw consent to the use of any of my information as set out in this letter at any given time by communicating with the Saripay Data Protection Officer at Level 10-1 Fort Legend Tower, 3rd Avenue corner 31st Street, Bonifacio Global City, Taguig City, 1632 or via email dpo@saripay.com. I recognize that I may file complaints with and/or seek assistance from the National Privacy Commission.

 

* Updated August 18, 2023