Statement of Applying for Installed Application Permission

Please allow Mocasa to compare the installed applications on your device with a list of suspected malware/viruses to detect whether your financial transaction or credit application environment is safe.

Therefore, Mocasa needs to upload and analyze the NON-SENSITIVE application identifiers matched in the above process to protect Mocasa from any cyber security risk. Mocasa does not have access to any of your private content in other applications. Unmatched apps will not be visible to Mocasa to protect your privacy. In this way, Mocasa can warn you of the risk of privacy leakage before you enter the password or key information such as your ID number.

We strongly recommend that you agree to this authorization. If you choose not to authorize after fully understanding, you will not be able to use Mocasa's core financial functions or other major functions, such as applying for credit or a loan.

After your explicit authorization, Mocasa will encrypt and upload the above information to https://service.mocasa.com securely. These data will not be shared or sold to third parties in any form.

Mocasa App Privacy Policy

Updated date: October 23, 2023

 

Philippine Cashtrout Lending Corp., a corporation organized and existing in the Philippines (“Mocasa”, “we”, “us” or “our”) takes your privacy very seriously. This privacy policy (this “Privacy Policy”) describes what information we collect from you, the purposes for which we collect and process it, how we use it, who we share it with, how long we retain it, and your rights in relation to it. You should read and understand this Privacy Policy in its entirety. 

This Privacy Policy applies in connection with your use of the Mocasa mobile application found here (the “Mocasa App”) and your use of our services through the Mocasa App or otherwise.

1. What personal data does Mocasa collect and process? From where does Mocasa collect your personal information?

Mocasa collects the following personal data (as defined under applicable law), including personally identifiable information:

  • Identification data (e.g., first name, surname, date of birth, image);
  • Data provided by you through your responses (e.g., information and documents about your income or employment, your educational attainment, information about your mobile device);
  • Contact details (e.g., address, phone number, alternate phone number, email address);
  • Government-issued identification data and documents (e.g., SSS ID, UMID, Passport, Driver’s License, PhilSys ID);
  • Mobile device specifications (e.g., SIM, IMEI, IP address, or other device identifiers, type of device, device operating system, device settings, user account information for your mobile device, the name and network information of your mobile network provider, device specifications (such as screen size, resolution, CPU capacity, etc.));
  • Location data (e.g., mobile device location);
  • Transaction data and financial information (e.g., loans, payments, loan requests, tax information);
  • Device behavioural data (e.g., types and nature of mobile applications found on your mobile device);
  • Telecommunications usage data (e.g., subscription data, payment details, applications and usage data, telco score);
  • Mocasa App usage (e.g., traffic (volume) data, information about your usage or non-usage of the Mocasa App);
  • Information related to your communications with Mocasa (e.g., your communications with Mocasa via in-app chat, email, telephone or other channels);
  • Information provided by you in relation to participation in special offers and promotional activities conducted by Mocasa (e.g., promo codes, games, contests, discounts, and participation in by-invitation-only groups);
  • Certain third party data (e.g., information provided to or from credit reference agencies or bureaus, external collections agencies, mobile network providers).

Mocasa collects your personal data from:

  • You, when you download the Mocasa App and/or indicate that you want to apply for credit;
  • Your other interactions with us, including Information you may voluntarily share with our customer support team or other Mocasa employees or agents;
  • Your mobile device (through the device permissions is more fully described below); 
  • Credit reference agencies (who may check your personal data against other databases – public and private – to which they have access) or fraud prevention agencies;
  • Third parties and other publicly available sources, with your consent, when necessary (e.g. we may receive Information from other disbursement channel vendors or other business partners (such as telecommunications companies and credit scoring service providers) that may assist us in providing services to you);
  • Third parties who communicate with us through the contact information that you provided to us. 

Collection and processing of your personal data by Mocasa is necessary for the provision of Mocasa’s products and services and to comply with applicable legal and regulatory requirements to which you and/or Mocasa is subject. Apart from such cases, we do not collect Information without your specific prior consent.

2. What are the purposes for which your personal data is processed? How does Mocasa use your personal information?

  • To assess your eligibility to use our products or services (including, but not limited to, credit scoring and assessing your creditworthiness, determining whether you can afford a product or service you requested and/or determining whether you are eligible for additional benefits of an existing product);
  • To service your account with Mocasa (including, but not limited to, processing disbursement of your funds and collecting repayment of your outstanding balance);
  • To verify your identity and/or other information you provided to us;
  • To detect, combat and prevent fraud, attempted fraud, money laundering and/or other illegal uses of our services;
  • To analyze customer behavior;
  • To administer our systems, maintain service quality and compile general usage statistics;
  • To analyze and improve our services;
  • To troubleshoot any problems you or other customers encounter with Mocasa’s services;
  • To comply with applicable laws, regulations, and rules, such as those relating to “know-your-customer” (KYC), customer verification, transaction monitoring, and/or anti-money laundering;
  • To send you marketing or advertising notices or other promotional offers, to the extent you have not objected to the use of your personal data for direct marketing purposes after proper notification, to send you marketing or advertising notices or other promotional offers;
  • To provide service updates;
  • To provide staff training (where we may monitor or record customer interactions);
  • To interface with credit reference or fraud prevention agencies;
  • To provide customer service or support and to resolve disputes and complaints;
  • To contact you by telephone using autodialed or prerecorded message calls or text (SMS) messages (if applicable) as authorized for the purposes described in this Privacy Policy.

We process your personal data for the purposes set out above on the following grounds: 

  • To carry out our obligations to you as a result of any contracts or agreements entered into between you and us (i.e., where necessary for the adequate performance of our contract with you and/or to take steps requested by you prior to entering into a contract with you);
  • To carry out our legal obligations under applicable law;
  • In connection with our legitimate interest in (1) providing you with credit and/or other financial or technological products or services, (2) operating our business, (3) marketing our products and services to you and others and (4) administering our systems and keeping our records up to date;
  • With your prior consent. 

3. Who do we share your personal data with?

  • General

Mocasa will not disclose any Information containing personal data (as defined under applicable law) to any third parties unless it is necessary and/or appropriate in order to provide Mocasa's products or services (provided, that, we may share limited personal data (as defined under applicable law) with select partners for research and development). Whenever practically feasible, Mocasa will only share your personal data with third parties in an anonymized or de-identified format.

You understand and agree that we may, as necessary and/or appropriate for the purposes provided above, transfer and disclose your personal data to:

  • employees, subcontractors, agents, service providers, or associates of the Philippine Cashtrout Lending Corp. (including directors and officers);
  • bank partners;
  • intermediary, correspondent and agent banks, non-banks, quasi-banks or other financial institutions, clearing houses, clearing or settlement systems, market counterparties, upstream withholding agents, licensed electronic or mobile wallet providers, remittance and transfer companies, credit reference agencies or credit bureaus;
  • service providers with contractual or fiduciary relationships with Mocasa (e.g., to facilitate transaction processing, fraud prevention, cloud data storage or data transfer); 
  • telecommunication companies (e.g., Globe, TM, GOMO, Smart, Talk&Text, PLDT, Sun Cellular);
  • external collection agencies (to assist in the collection of any unpaid obligations to us);
  • external counsel, external auditors, and consultants, when necessary to resolve disputes or complaints;
  • a party in connection with any merger, acquisition or sale of all or substantially all of the assets of Mocasa and/or any company within the Philippine Cashtrout Lending Corp.;
  • a party in connection with any assignment of credit or the creation of a security interest involving outstanding balances owned to Mocasa;
  • to other public or private third parties to the extent (1) we have a duty to disclose or share your personal data in order to comply with any legal obligation (e.g., the Credit Information Corporation, the Bureau of Internal Revenue), (2) necessary or appropriate to enforce or apply any agreement with you, and/or (3) necessary or appropriate to protect the rights or safety of Mocasa, the Philippine Cashtrout Lending Corp. and/or our customers.

The above parties may also process or disclose your personal data for the purposes set forth above, so long as such processing or disclosure is in compliance with this Privacy Policy. 

Further, Mocasa may also share your personal data with law enforcement or other government agencies in connection with a formal request, subpoena, court order, or similar legal procedure, or when we believe in good faith that disclosure is necessary to comply with the law, prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our agreements with you.

4. For how long will we retain your personal data?

Your personal data will be stored or retained by Mocasa for a reasonable time necessary for the purposes listed in this Privacy Policy We are required to retain your personal data for a period of at least five (5) years in compliance with anti-money laundering and terrorism financing prevention regulations, notwithstanding requests for deletion. We may also retain your personal data (i) for as long as necessary to comply with any legal obligation; (ii) whenever such is authorized under the law; and (iii) for the establishment of legal defenses. Information that is no longer needed for the purpose(s) for which it was collected shall be deleted or anonymized except as necessary to comply with legal obligations.

5. Where do we process, store or transfer your personal data?

We will ensure that adequate safeguards are in place in accordance with applicable law and/or the Philippines’ data protection requirements. The safeguards we will use will depend on the circumstances and the party to whom we transfer your personal data. Your personal data may be processed by any of the parties described above. Mocasa will use all reasonable and appropriate efforts as required by applicable law to protect your personal data.

6. Automated decisions and profiling

We may make certain decisions in relation to our provision of our products and services to you by using automated decision-making processes, without human involvement. 

  • Credit decisions

When you apply for credit, we’ll use automated processing to decide whether to lend to you and/or make other decisions about your eligibility for our products and services, based on the personal data collected. This automated processing enables us to provide rapid, responsive and tailored credit services to customers who may not have credit histories, prior bank or other financial data or income from formal sources.

Our credit and underwriting models utilize data science and machine-learning technology to process your personal data and assess your creditworthiness. The associated processing of your personal data is automated and little to no human intervention is involved. Using such automated processes to assess your creditworthiness means we may automatically decide that you may be ineligible for our services or ineligible for credit of a particular amount or tenure. Our credit and underwriting models are regularly tested to ensure they remain fair, accurate and unbiased.

  • Detecting fraud

Mocasa also utilizes automated processes to detect, combat and prevent fraud. Our fraud models may automatically decide that a certain individual poses a fraud or money laundering risk (e.g., if our processing reveals information or behavior consistent with money laundering or known fraudulent activity, if the activity is inconsistent with prior activity on our platform or if an individual appears to be hiding their true identity). If our fraud models determine that processing of a transaction or approving a certain individual creates a risk of fraud, that individual’s access may be suspended or refused.

7. Your rights as a data subject

You may contact us to exercise your rights as a data subject at support.user@mocasa.com. Please note that there may be occasions when you wish to exercise your rights and we are unable to agree to your request (e.g., because we have compelling legitimate ground for using or processing your personal data or because we we need to retain your personal data to comply with a legal obligation.

  • Right to be informed

We must provide you with certain information related to how we collect your personal data, how we use your personal data (and our legal basis for doing so), who we share your personal data with, where we obtained your personal data and your rights as a data subject. This information is provided within the Mocasa App and in this Privacy Policy in clear language.

  • Right to access

You may ask for a copy of the personal data (as defined under applicable law) we hold concerning you (and your Information related to such personal data), as well as information on how such personal data has been processed, unless providing some or all of it would adversely affect the rights and freedoms of others or applicable law requires that we do not comply with your request. The right to access does not apply to analyses made by the Mocasa with respect to your personal data, such as inferred, derived, modeled, or business-generated data.

  • Right to rectification

You may ask us to correct any personal data which you believe to be inaccurate. We will promptly update any such personal data. In connection with your request, you may be required to provide supporting evidence or other documentation so that we may verify the accuracy of the request.

  • Right to erasure or blocking

You may ask us to erase your personal data (as defined under applicable law):

  • If you believe it’s no longer necessary for us to retain such personal data;
  • If you do not believe we have legitimate ground for processing it;
  • If you think we are using such personal data unlawfully;
  • If you think applicable law requires that we do so;
  • Right to restrict or object to processing

Where the processing of your personal data is based on your consent or our legitimate interest, you may ask us to stop using your personal data (as defined under applicable law):

  • if you think such personal data is inaccurate; 
  • if you think it’s illegal for us to use such personal data;
  • if you don’t want us to destroy such personal data because you need it for legal proceedings;
  • if you’ve informed us that we don’t have a legitimate reason for using it and we’re considering your request.
  • Right to data portability

If we’re using your personal data on the basis of your consent or because we need it to carry out our contractual obligations to you, you can ask us to give you your personal data (as defined under applicable law) in a structured, commonly-used and machine-readable format or have it transmitted to another data controller. The right to data portability is limited to data that you provided actively and knowingly, or that you provided by virtue of the use of our services. 

You have the right to file a complaint with the relevant government agencies for any violation of your rights as a data subject. Please note that there may be occasions when you wish to exercise your rights and we’re unable to agree to your request (e.g., because we have compelling legitimate grounds for using or processing your information or because we need to retain your information to comply with a legal obligation).

8. Advertising and Marketing

If you no longer with to receive advertising, marketing or promotional messaging, please contact us at support.user@mocasa.com and we will remove you from such communication lists.

9. Consequences of not providing us with your personal data

You are not required to provide us with your Information or any associated personal data (as defined under applicable law) and you may withdraw your consent from the use or processing of such Information or personal data. However, if you do so, we will be unable to provide our current or future products and services to you and we reserve the right to terminate our relationship with you, as permitted under applicable law. Further, to the extent we have a legitimate interest in retaining your Information and/or associated personal data (as defined under applicable law), we may do so. For example, if you have requested that we erase your Information or associated personal data (as defined under applicable law), but you have an outstanding balance with Mocasa, we may retain your Information or associated personal data (as defined under applicable law), in order to continue collection efforts. We are also required to retain your personal data for a period of at least five (5) years in compliance with anti-money laundering and terrorism financing prevention regulations, notwithstanding requests for deletion.

10. Consent and Authorization

By downloading the Mocasa App and clicking “Agree” on the permissions overview screen, you: 

  • accept the terms of this Privacy Policy;
  • allow Mocasa to access the device permissions more fully described below;
  • give Mocasa consent to collect, use, share, or otherwise process your personal data, which may include personally identifiable information, personal information, sensitive personal information (in each case, as defined under applicable law), as outlined in this Privacy Policy; 
  • certify that all personal data you have provided and will provide to Mocasa is true and correct to the best of your knowledge; 
  • authorize Mocasa to verify/investigate the accuracy of your personal data;
  • acknowledge that Mocasa may be required to disclose your personal data to the Securities and Exchange Commission, Bangko Sentral ng Pilipinas, Anti-Money Laundering Council, Bureau of Internal Revenue, Credit Information Corporation, credit bureaus and/or any other governmental body, in compliance with its legal obligations and in accordance with the principle of proportionality.

11. What device permissions does the Mocasa app access? 

Depending on your Device Operating System and the version of the Mocasa app installed on your device, the following device permissions may be accessed by the Mocasa App. Keep your Mocasa App updated to make sure you can experience the latest and most secure features.   

  • Camera - Mocasa will ask you to upload a photo of your ID, proof of income, or a selfie for the purpose of identification. You can choose to take photos on-site (only need Camera permission) or access media library or files to pick a photo (only need Photo permission);
  • Read your contacts – After your explicit authorization, the app will auto-fill the selected contacts as needed. Your contact information will only be stored and used for credit assessment and emergency contact. Only the contacts you select will be collected or used;
  • Location – This helps our fraud models verify your identity. Mocasa also uses this information in its credit and underwriting models to determine whether you are eligible for Mocasa’s services. We also use location data for research purposes;
  • Read phone status and identity – We will collect and use your device ID (advertising ID, BSSID, IMEl, Android ID) to ensure the security of your transactions and payments. Granting this permission will help us check if you are performing sensitive actions on commonly used devices. This will effectively reduce the risk of your account being compromised.

Third-party SDKs collect some of our non-sensitive device information (for example: IDFV, Android ID, system version, device manufacturer, brand and model, etc.) for statistical and analytical purposes to optimize our experience on Mocasa. We only allow third-party SDKs to collect non-sensitive data with your explicit consent;

  • Receive text messages – This is used to automatically confirm the one-time password (OTP) sent to your device via SMS;
  • Run foreground service – This permission is needed by the Mocasa app to upload photos for KYC;
  • Run at startup – This allows the Mocasa app to send notifications to your device upon restart of your device;
  • View and change network connectivity – This is used to notify the Mocasa app when network connectivity changes so that we can determine whether you are connected to internet or not;
  • View Wi-Fi connections – Mocasa uses the IP address and network type of your device to detect and prevent fraud;
  • Receive data from the internet – Mocasa needs this permission in order to send requests through the app and to allow the app to access the internet;
  • Prevent phone from sleeping – This permission is required by some of the features and services within the Mocasa App, such as in-app messaging;
  • Retrieve installed apps – Mocasa will retrieve a list of apps installed on your device. Mocasa uses this information in its credit and underwriting models to determine whether you are eligible for Mocasa’s services.

12.  General

If you have questions about this Privacy Policy or about your rights as a Data Subject, you can contact our Data Protection Officer at:

Abano, Natalie - Data Protection Officer - Philippine Cashtrout Lending Corp..

5th Floor Rockwell Business Center Tower 1, Meralco Avenue, Ortigas. Ugong, City of Pasig, Metro Manila

email address: natalie.abano@mocasa.com

To improve and continue our services to you and to comply with data privacy regulations that may be issued from time to time, this Privacy Policy may be updated. You can check the latest version by visiting www.mocasa.com and clicking "Privacy Policy" at the bottom.

13.  Others

When you activate the use, we will collect your device information (IDFV, AndroidID, operating system, device model, device manufacturer, system version, etc.) through ThinkingData for statistical analysis of your use effect in the app.

Additionally, I acknowledge, accept and consent that my personal data may be collected, used, processed, stored, accessed, updated, shared, transferred or disclosed to the credit insights service provider/s, such as, but not limited to, Trusting Social AI Philippines, Inc. using the Subscriber data obtained from Mobile Network Operators, such as but not limited to, Globe Telecom, Inc., for the purpose of “ telco score” using telecommunications usage data . I understand that the credit scoring (telco score) and analytics between the Bank and credit insights service providers are conducted for the purpose of credit evaluation related to my card application and maintenance thereof.

Disclaimer: If a user has a dispute with Mocasa due to ambiguity in the above terms, TransUnion will be excluded and will not take any action against them as a result of the investigation.

 

Statement of Applying for Contacts Permission

To accurately evaluate your personal credit, we request you to grant us permission to access, collect, transmit, use and store your contacts information. We will use HTTPS encryption to transmit and store your information to ensure data security.

After your explicit authorization, the Mocasa App will autofill the selected contacts as required. Your contacts will only be stored and used for credit evaluation and emergency contacts. Mocasa does NOT have access to all of your contacts. You only need to select 2 contacts for the purposes of “credit evaluation and emergency contacts”.

Mocasa will NOT access or collect any of your personal information or sensitive data without your consent. Your contacts will NOT be shared or sent to third parties under any circumstances.

You may deny authorization to the access at any time. But you will not be able to use Mocasa financial services, such as applying for credit limit or making payments without authorization.

Mocasa will attempt to obtain the contacts information and upload them to Mocasa server only after your have granted authorization. If you wish to revoke historical authorizations and erase all your device or personal information, please contact support.user@mocasa.com. We will process our application within 5 working days.