Mocasa App Privacy Policy
Updated Date: July 2025
Philippine
Cashtrout Lending
Corp.,
a
corporation organized
and
existing in the Philippines
(“Mocasa”, “we”, “us” or “our”) takes
your
privacy very seriously.
This
privacy policy
(this
“Privacy
Policy”) describes
what
information we collect
from
you,
the
purposes for which
we
collect and process
it,
how
we
use
it,
who
we
share
it
with,
how
long
we
retain
it,
and
your
rights
in
relation to it. You should
read
and
understand this Privacy
Policy
in
its
entirety.
This Privacy
Policy
applies in connection
with
your
use
of
the
Mocasa
mobile
application found
here
(the
“Mocasa
App”) and your use of our services
through the Mocasa
App
or
otherwise.
1. What personal data does Mocasa collect and process? From where does Mocasa collect your personal information?
Mocasa
collects the following
personal data (as defined
under
applicable law),
including personally
identifiable information. The collection
of
this
data
is
limited to what is adequate,
relevant, suitable,
and
strictly necessary
for
our
declared, specified,
and
legitimate purposes,
in
adherence to the principle
of
proportionality as required
by
the
Data
Privacy Act of 2012 and relevant
NPC
issuances:
-
Identification data
(e.g., first
name, surname,
date
of
birth, image, marital
status for
identity verification
and
KYC
purposes);
-
Data
provided by you
through your
responses (e.g.,
information and
documents about
your
income or employment,
your
educational attainment,
information about
your
mobile device
necessary for
assessing your
financial capacity
and
loan
eligibility);
-
Contact
details (e.g.,
address, phone
number, alternate
phone number,
email address
used
for
communication regarding
your
application, account,
and
for
legitimate debt
collection activities
strictly in accordance
with
ethical standards
and
legal limits);
-
Government-issued identification
data
and
documents (e.g.,
SSS
ID,
UMID, Passport,
Driver’s License,
PhilSys ID collected
and
processed solely
for
identity verification,
KYC,
and
fraud prevention
as
required by law);
-
Mobile
device specifications
(e.g., SIM,
IMEI, IP address,
or
other device
identifiers, type
of
device, device
operating system,
device settings,
user
account information
for
your
mobile device,
the
name
and
network information
of
your
mobile network
provider, device
specifications (such
as
screen size,
resolution, CPU
capacity, etc.))
collected to ensure
device compatibility,
security, fraud
detection, and
to
enhance user
experience;
-
Location
data
(e.g., mobile
device location
collected with
your
explicit consent
for
fraud prevention,
risk
assessment, and
to
tailor relevant
services available
in
your
region, limited
to
what
is
essential for
these purposes);
-
SMS
receiving records
(e.g. sender
number, sender
name, text
content, and
receiving time
specifically transaction-related and
OTP-related SMS,
analyzed solely
for
credit evaluation
and
to
determine appropriate
credit limits, and
verification of identity
during daily
communication or interaction
between you
and
Mocasa, as detailed
in
our
specific consent
mechanisms);
-
Transaction
data
and
financial information
(e.g., loans,
payments, loan
requests, tax
information essential
for
providing and
managing our
financial products
and
services, including
loan
disbursement and
repayment tracking);
-
Device
behavioural data
(e.g., types
and
nature of mobile
applications found
on
your
mobile device
collected to derive
aggregated and
anonymized insights
or
proportional metadata
to
enhance our
credit scoring
models, detect
fraud patterns,
and
improve the
overall security
and
functionality of the
Mocasa App.
This
data
is
not
used
to
uniquely identify
or
profile individual
users based
on
their specific
app
usage, nor
for
direct marketing
without separate,
explicit consent.
We
strictly avoid
collecting data
that
is
not
relevant or necessary
for
our
stated purposes.);
-
Telecommunications usage
data
(e.g., subscription
data, payment
details, applications
and
usage data,
telco score
used
for
credit assessment
and
fraud prevention,
where permissible
and
with
appropriate consent);
-
Mocasa
App
usage (e.g.,
traffic (volume)
data, information
about your
usage or non-usage
of
the
Mocasa App
used
to
analyze and
improve the
performance and
usability of the
application and
its
services);
-
Information
related to your
communications with
Mocasa (e.g.,
your
communications with
Mocasa via
in-app chat,
email, telephone
or
other channels, used
for
customer service,
dispute resolution,
and
quality assurance);
-
Information
provided by you
in
relation to participation
in
special offers
and
promotional activities
conducted by Mocasa
(e.g., promo
codes, games,
contests, discounts,
and
participation in by-invitation-only groups
used
solely for
the
administration of such
activities);
-
Certain
third party
data
(e.g., information
provided to or from
credit reference
agencies or bureaus,
external collections
agencies, mobile
network providers, obtained
with
your
consent or where
a
legitimate interest
or
legal obligation
applies, for
creditworthiness assessment,
fraud prevention,
and
debt
collection).
Mocasa
collects your personal
data
from:
-
You,
when
you
download the Mocasa
App and/or
indicate that
you
want
to
apply for
credit, providing
data
directly through
the
application process
and
your
interactions;
-
Your
other interactions
with
us,
including Information
you
may
voluntarily share
with
our
customer support
team
or
other Mocasa
employees or agents;
-
Your
mobile device
(through the
device permissions
you
explicitly grant,
as
more
fully described below);
-
Credit
reference agencies
(who
may
check your
personal data
against other
databases – public
and
private – to which
they
have
access) or fraud
prevention agencies
for
credit assessment
and
fraud detection
purposes.;
-
Third
parties and
other publicly
available sources,
with
your
explicit consent,
when
it
is
necessary for
the
performance of our
contract with
you
or
(e.g. we may
receive Information
from
other disbursement
channel vendors
or
other business
partners such
as
telecommunications companies
and
credit scoring
service providers
that
may
assist us in providing
services to you)
when
required or permitted
by
applicable laws
and
regulations;
-
Third
parties who
communicate with
us
through the
contact information
that
you
provided to us (e.g.,
character references
you
explicitly provided).
Collection
and
processing of your personal
data
by
Mocasa
is
necessary for the declared,
specified, and legitimate
purposes of providing
Mocasa’s products
and
services, assessing
your
eligibility, mitigating
risks,
and
to
comply
with
applicable legal
and
regulatory requirements
(such
as
KYC,
AML,
and
consumer protection
laws)
to
which
you
and/or
Mocasa
is
subject. Apart
from
such
cases
where
processing is necessary
due
to
contractual obligations,
legal
compliance, or our legitimate
interests which
do
not
override your fundamental
rights
and
freedoms, we do not collect
Information without
your
specific, informed prior consent.
2. What are the purposes for which your personal data is processed? How does Mocasa use your personal information?
Mocasa
processes your personal
data
only
for
declared, specific,
and
legitimate purposes,
necessary for the provision
of
our
products and services,
and
in
compliance with all applicable
laws
and
regulations. We ensure
that
the
processing of your data is proportional to these
purposes and not excessive.
Your
data
is
processed for the following
purposes:
-
To
assess your
eligibility to use
our
products or services: this
includes, but
is
not
limited to,
comprehensive credit
scoring, assessing
your
creditworthiness, determining
your
financial capacity
to
afford requested
products or services,
and
evaluating your
eligibility for
additional benefits
of
an
existing product.
This
is
essential to ensure
responsible lending;
-
To
service and
manage your
account with
Mocasa (including,
but
not
limited to processing
the
disbursement of your
funds, managing
your
loan
details, and
facilitating the
collection of your
outstanding balance
in
accordance with
your
loan
agreement and
applicable laws;
-
To
verify your
identity and/or
other information
you
provided to us;
-
To
personalize credit
assessment, risk
analysis, and
implement control
measures: This
allows us to tailor
financial products
to
your
specific profile,
manage potential
risks effectively,
and
ensure the
stability and
security of our
lending operations;
-
To
detect, combat, and
prevent fraud,
attempted fraud,
money laundering, and/or
other illegal
uses
of
our
services: we employ
robust measures
to
protect our
users and
our
platform from
illicit activities,
safeguarding the
financial ecosystem.;
-
To
analyze customer
behavior: we analyze
aggregated and
anonymized customer
behavior patterns,
including insights
derived from
device behavioral
data
(e.g., types
and
nature of mobile
applications found
on
your
device), solely
for
the
purpose of enhancing
our
credit scoring
models, improving
fraud detection
mechanisms, and
optimizing the
overall user
experience and
security of the
Mocasa App. This
analysis is done
without identifying
or
profiling individual
users based
on
their specific
app
usage, and
strictly adheres
to
proportionality.;
-
To
administer our
systems, maintain
service quality, and
compile general
usage statistics: this
ensures the
reliable operation
of
the
Mocasa App
and
allows us to monitor
performance;
-
To
analyze and
continually improve
our
services and
product offerings:
your
usage data
helps us understand
how
our
services are
used, allowing
us
to
enhance features,
improve efficiency,
and
develop new
products that
better serve
your
needs;
-
To
troubleshoot any
technical problems
you
or
other customers
encounter with
Mocasas services: this
ensures seamless
operation and
prompt resolution
of
user
issues;
-
To
comply with
applicable laws,
regulations, and
rules: this
includes, but
is
not
limited to,
fulfilling obligations
related to "know-your-customer" (KYC)
requirements, customer
verification, transaction
monitoring, anti-money
laundering (AML),
and
reporting obligations
to
regulatory bodies;
-
To
send
you
marketing or advertising
notices or other
promotional offers: to the
extent you
have
not
objected to the
use
of
your
personal data
for
direct marketing
purposes after
proper notification, we may
send
you
relevant marketing
or
advertising notices
or
other promotional
offers about
our
products and
services. You
always have
the
right to opt-out
of
such
communications;
-
To
provide service
updates and
important notifications:
this
ensures you
are
informed about
changes to our
terms, services,
or
any
critical security
alerts;
-
To
provide staff
training: where
necessary and
with
appropriate safeguards,
we
may
monitor or record
customer interactions
to
ensure quality
of
service and
for
staff development;
-
To
interface with
credit reference
or
fraud prevention
agencies, necessary
for
assessing your
creditworthiness, reporting
credit information,
and
preventing fraudulent
activities;
-
To
provide customer
service or support
and
to
resolve disputes
and
complaints, this
is
to
address your
inquiries, concerns,
and
resolve any
issues effectively;
-
To
contact you
by
telephone using
autodialed or prerecorded
message calls
or
text
(SMS) messages
(if
applicable): as authorized
for
the
legitimate purposes
described in this
Privacy Policy, including
for
account management,
loan
reminders, and
important service
notifications.
We process
your
personal data for the purposes
set
out
above
on
the
following lawful
grounds, in compliance
with
applicable data privacy
laws:
-
To
carry out
our
obligations to you: this
includes fulfilling
our
responsibilities as a result
of
any
contracts or agreements
entered into
between you
and
us
(i.e., where
processing is necessary
for
the
adequate performance
of
our
contract with
you
and/or to take
steps requested
by
you
prior to entering
into
a
contract with
you, such
as
a
loan
application);
-
To
carry out
our
legal obligations: wherein
processing is necessary
for
compliance with
a
legal obligation
to
which Mocasa
is
subject under
applicable law
(e.g., KYC,
AML
laws, regulatory
reporting);
-
In
connection with
our
legitimate interest: where
processing is necessary
for
the
purposes of the
legitimate interests
pursued by Mocasa
or
by
a
third party,
except where
such
interests are
overridden by your
fundamental rights
and
freedoms. Our
legitimate interests
include (1)
responsibly providing
you
with
credit and/or
other financial
or
technological products
or
services, (2)
operating and
expanding our
business effectively, (3)
marketing our
relevant products
and
services to you
and
others (4) administering
our
systems and
(5)
keeping our
records accurate
and
up
to
date;
-
With
your
prior consent: where
we
have
obtained your
specific, informed,
and
explicit consent
for
a
particular processing
activity, especially
for
activities not
covered by a contractual
obligation, legal
compliance, or legitimate
interest. You
have
the
right to withdraw
your
consent at any
time, subject
to
legal or contractual
restrictions.
3. Who do we share your personal data with?
Mocasa
is
committed to safeguarding
your
personal data.
We
will
not
disclose any information
containing your personal
data
(as
defined under
applicable law) to any third
parties unless
it
is
necessary and/or
appropriate for our declared,
specified, and legitimate
purposes, to provide
Mocasa's products
or
services (provided,
that,
we
may
share
limited personal
data
(as
defined under
applicable law) with select
partners for research
and
development). We adhere
to
the
principles of data minimization
and
purpose limitation
when
sharing your data.
Whenever practically
feasible, and where
the
purpose can still
be
achieved Mocasa
will
only
share
your
personal data with third
parties in an anonymized
or
de-identified format.
You understand
and
agree
that
we
may,
as
necessary and/or
appropriate for the purposes
provided above,
transfer and disclose
your
personal data to the following
categories of recipients:
-
Employees,
subcontractors, agents,
service providers,
or
associates of the
Philippine Cashtrout
Lending Corp.
(including directors
and
officers), who
require access
to
perform their
functions and
responsibilities in delivering
our
services and
operating our
business;
-
bank
partners;intermediary, correspondent
and
agent banks,
non-banks, quasi-banks
or
other financial
institutions, clearing
houses, clearing
or
settlement systems,
market counterparties,
upstream withholding
agents, licensed
electronic or mobile
wallet providers,
remittance and
transfer companies,
credit reference
agencies or credit
bureaus, such as TransUnion, SKYPAY and its affiliate SKYBRIDGE PAYMENT INC., for
purposes of facilitating
transactions, assessing
creditworthiness, providing
customized services upon your consent and need, fraud
prevention, and
complying with
financial regulations;
-
Service
providers with
contractual or fiduciary
relationships with
Mocasa (e.g.,
to
facilitate transaction
processing, fraud
prevention, cloud
data
storage or data
transfer), who
are
essential for
the
technical and
operational functioning
of
our
services.;
-
telecommunication companies
(e.g., Globe,
TM,
GOMO, Smart,
Talk&Text, PLDT,
Sun
Cellular), where
necessary for
services like
OTP
delivery, telecommunications usage
data
for
credit assessment
(with your
consent), or fraud
prevention;
-
external
collection agencies
(to
assist in the
collection of any
unpaid obligations
to
us)
we
share only
the
necessary data
required for
collection efforts.
Mocasa strictly prohibits external collection agencies from using your personal data, including your photo or any sensitive information, to harass, embarrass, or engage in any unfair, unethical, or illegal collection practices. All
our
agreements with
collection agencies
mandate strict
adherence to the
Data
Privacy Act
of
2012, its
Implementing Rules
and
Regulations, and
other relevant
consumer protection
laws.;
-
external
counsel, external
auditors, and
consultants, when
necessary to resolve
disputes or complaints, conduct
audits, or ensure
legal and
regulatory compliance.;
-
a
party in connection
with
any
merger, acquisition, or sale
of
all
or
substantially all
of
the
assets of Mocasa
and/or any
company within
the
Philippine Cashtrout
Lending Corp.;
-
a
party in
connection with
any assignment
of
credit or
the creation
of
a
security interest
involving outstanding
balances owned
to
Mocasa,
in
compliance with
applicable laws;
-
to
other public
or
private third
parties to the
extent that:
(1) we have a duty to disclose
or
share
your
personal data in order
to
comply
with
any
legal
obligation (e.g.,
the
Credit
Information Corporation,
the
Bureau
of
Internal Revenue, Bangko
Sentral ng Pilipinas, Securities
and
Exchange Commission),
(2) it is necessary
or
appropriate to enforce
or
apply
any
agreement with you including
our
Terms
and
Conditions, and/or
(3) it is necessary
or
appropriate to protect
the
rights, property,
or
safety
of
Mocasa, the Philippine
Cashtrout Lending
Corp., our employees,
and/or
our
customers, including
for
preventing fraud
or
addressing security
vulnerabilities.
The above
parties may also process
or
disclose your personal
data
for
the
purposes set forth
above,
so
long
as
such
processing or disclosure
is
in
compliance with this Privacy
Policy, applicable
laws,
and
subject to appropriate
data
processing agreements
and
confidentiality clauses.
Further, While
we
strives to select reputable and reliable partners during our recommendation or referral of third-party products, services
and ensure our own practices align with data protection
standards, it is important to exercise caution that these third-party
products and services are operated under their own
distinct privacy statements and practices, which are beyond our control. To further protect yourself, we strongly recommend reviewing the privacy policies
of these third-parties before providing any personal information to facilitate their product or services. When you navigate away from our Site (which can be determined by
checking the URL in your browser’s address bar), any information you consent to provide to these external sites is
subject to the Privacy Policy of the respective website operator. We cannot provide any representation or warranty
regarding how your information is stored or used on financial partners and third-party servers, and we are unable
to take any responsibility in any form for any violation of your information conducted by such financial partners
and third-party servers.
Further,
Mocasa
may
also
share
your
personal data with law enforcement
or
other
government agencies
(e.g.,
National Privacy
Commission, National
Bureau
of
Investigation, Philippine
National Police)
in
connection with a formal
request, subpoena,
court
order,
or
similar legal
procedure, or when we believe
in
good
faith
that
disclosure is necessary
to
comply
with
the
law,
prevent physical
harm
or
financial loss,
to
report
suspected illegal
activity, or to investigate
violations of our agreements
with
you.
4. For how long will we retain your personal data?
Your personal
data
will
be
stored
or
retained by Mocasa
only
for
the
period
necessary
to
fulfill the declared,
specified, and legitimate
purposes for which
it
was
collected, as outlined
in this Privacy
Policy. This adherence
to
purpose limitation
and
data
minimization ensures
your
data
is
not
kept
longer
than
required.
We are required
to
retain
certain personal
data
for
a
minimum period
of
at
least
five
(5)
years
in
compliance with anti-money
laundering and terrorism
financing prevention
regulations, as well as other
specific legal
and
regulatory obligations
to
which
Mocasa
is
subject, notwithstanding
deletion requests.
We may also retain
your
personal data:
(i) for as long as necessary
to
comply
with
any
other
applicable legal
or
regulatory obligation;
(ii) whenever
such
retention is expressly
authorized by law; and
(iii)
for
the
establishment, exercise,
or
defense of legal
claims
or
defenses.
Information
that
is
no
longer
needed
for
the
purpose(s) for which
it
was
collected shall
be
deleted or anonymized, except
as
necessary to comply
with
legal
obligations.
5. Where do we process, store or transfer your personal data?
We are committed
to ensuring
that
adequate safeguards
are
in
place
in
accordance with applicable
law
and/or
the
Philippines data protection
requirements. The safeguards
we
will
use
will
depend
on
the
circumstances and the party
to
whom
we
transfer your personal
data.
Your
personal data may be processed
by
any
of
the
parties described
above, who are also bound
by
appropriate data protection
commitments. Mocasa
employs all reasonable
and
appropriate
organizational, technical,
and
physical security
measures to protect
your
personal data against
accidental or unlawful
destruction, alteration,
unauthorized disclosure,
access, misuse,
or
any
other
unlawful processing,
as
required by applicable
law
and
industry benchmark
practices.
6. Automated decisions and profiling
To provide
you
with
rapid,
efficient, and tailored
services, we may make certain
decisions in relation
to
our
provision of products
and
services to you by using
automated decision-making
(ADM)
processes, which
may
involve profiling,
in
relation to our provision
of
products and services.
These
processes operate
with
limited to no human
involvement and are based
on
the
personal data collected
about
you.
When you apply
for
credit
or
seek
eligibility for our products
and
services, well use automated
processing to make decisions
regarding your application,
including whether
to
lend
to
you
and/or
make
other
decisions about
your
eligibility for our products
and
services, based
on
the
personal data collected.
This
automated processing
enables us to provide
rapid,
responsive, and tailored
credit
services to customers
who
may
not
have
traditional credit
histories, prior
bank
or
other
financial data, or income
from
formal
sources.
Our credit
and
underwriting models
utilize data science
and
machine-learning technology
to
process your personal
data
and
assess
your
creditworthiness. The associated
processing of your personal
data
is
automated and little
to
no
human
intervention is involved.
Using
such
automated processes
to
assess
your
creditworthiness means
we
may
automatically decide
that
you
may
be
ineligible for our services
or
ineligible for credit
of
a
particular amount
or
tenure. Our credit
and
underwriting models
are
regularly tested
and
validated to ensure
they
remain
fair,
accurate, unbiased, and compliant
with
all
applicable laws and regulations.
Mocasa
also
utilizes automated
processes to detect,
combat
and
prevent fraud, attempted
fraud,
money
laundering, and other
illegal uses of our services. Our fraud
models
may
automatically identify
patterns or behaviors
that
indicate that a certain
individual poses
a
fraud
or
money
laundering risk (e.g.,
if
our
processing reveals
information or behavior
consistent with money
laundering or known
fraudulent activity,
if
the
activity is inconsistent
with
prior
activity on our platform
or
if
an
individual appears
to
be
hiding
their
true
identity). If our fraud
models
determine that processing
a
transaction or approving
a
certain individual
creates a risk of fraud,
that
individual’s access
may
be
suspended or refused.
7. Your rights as a data subject
As a data subject
under
the
Data
Privacy Act of 2012 (DPA)
and
its
Implementing Rules
and
Regulations (IRR),
you
are
afforded specific
rights
concerning your personal
data.
Mocasa
is
committed to upholding
these
rights. You may contact
us
to
exercise your rights
as
a
data
subject at support.user@mocasa.com. Please
note
that
there
may
be
occasions when you wish to exercise
your
rights
and
we
are
unable
to
agree
to
your
request (e.g.,
because we have compelling
legitimate ground
for
using
or
processing your personal
data
or
because we we need to retain
your
personal data to comply
with
a
legal
obligation).
We must provide
you
with
certain information
related to how we collect
your
personal data,
details on how we collect,
use, and process
your
personal data (and our legal
basis
for
doing
so),
who
we
share
your
personal data with,
where
we
obtained your personal
data, and your rights
as
a
data
subject. This information
is
provided within
the
Mocasa
App
and
in
this
Privacy Policy
in
clear
language.
You may ask for a copy of the personal
data
(as
defined under
applicable law) we hold concerning
you
(and
your
Information related
to
such
personal data),
as
well
as
information on how such personal
data
has
been
processed and obtained, the names
and
addresses of the recipients
to
whom
your
personal data has been disclosed
or
transferred, unless
providing some or all of it would
adversely affect
the
rights
and
freedoms of others
or
applicable law (such
as
trade
secret
protection or a court
order)
specifically requires
that
we
do
not
comply
with
your
request for certain
highly
sensitive or proprietary
information. The right
to
access
does
not
apply
to
analyses algorithms or
methodologies made by the Mocasa
with
respect to your personal
data,
which are proprietary know-hows and trade secrets belonging to Mocasa.
You may ask us to correct
any
personal data which
you
believe to be inaccurate.
We
will
promptly update
any
such
personal data.
In
connection with your request,
you
may
be
required to provide
supporting evidence
or
other
documentation so that we may verify
the
accuracy of the request.
-
Right to erasure or blocking
You may make requests to us
regarding the suspension,
withdrawal, blocking,
removal, or destruction
of
your
personal data from our systems
under
certain circumstances.
You
may
ask
us
to
erase
your
personal data in the following
instances:
-
If
you
believe it’s no longer
necessary for
us
to
retain such
personal data
(such as a legal
obligation or contractual
necessity) for
us
to
continue processing
it;
-
If
you
do
not
believe we have
legitimate ground
for
processing it;
-
If
you
think we are
using such
personal data
for
unauthorized purposes;
-
If
you
think applicable
law
or
a
court order
requires that
we
do
so;
or
-
If
you
believe the
personal data
is
incomplete, false,
or
unlawfully obtained;
-
Right to restrict or object to processing
Where
the
processing of your personal
data
is
based
on
your
consent or our legitimate
interest, you may ask us to stop using
your
personal data (as defined
under
applicable law) when:
-
You think
such
personal data
is
inaccurate, incomplete,
or
unlawfully obtained;
-
you
think your
personal data
is
used
for
unauthorized purposes;
-
if
you
don’t want
us
to
destroy such
personal data
because you
need
it
for
legal proceedings, for
the
fulfillment of contractual
or
legal obligation;
-
if
you’ve informed
us
that
we
don’t have
a
legitimate reason
for
using it and
we’re considering
your
request;
-
Right to data portability
If we’re using
your
personal data on the basis
of
your
consent or because
we
need
it
to
carry
out
our
contractual obligations
to
you,
you
can
ask
us
to
give
you
your
personal data (as defined
under
applicable law) in a structured,
commonly-used and machine-readable
format
or
have
it
transmitted to another
data
controller. The right
to
data
portability is limited
to
data
that
you
provided actively
and
knowingly, or that you provided
by
virtue
of
the
use
of
our
services.
You have the right
to
file
a
complaint with the relevant
government agencies
for
any
violation of your rights
as
a
data
subject. Please
note
that
there
may
be
occasions when you wish to exercise
your
rights
and
we’re unable
to
agree
to
your
request (e.g.,
because we have compelling
legitimate grounds
for
using
or
processing your information
or
because we need to retain
your
information to comply
with
a
legal
obligation).
Mocasa
is
committed to transparent
and
responsible management
of
the
permissions you grant
us.
We
will
only
access
your
device
permissions (e.g.,
SMS,
camera) for the specific,
legitimate purposes
outlined in this Privacy
Policy.
Once the specific
purpose for which
an
application permission
was
granted has been fulfilled,
and
where
there
are
no
other
applicable lawful
criteria requiring
continuous access
to
that
particular permission
for
the
provision of our services
or
compliance with legal
obligations, the Mocasa
App
will:
prompt
you
through appropriate
in-app
notices (e.g.,
just-in-time, pop-up
notifications) to inform
you
that
access
to
the
relevant application
permission may already
be
revoked, and guide
you
on
how
to
turn
it
off
or
disallow it through
your
device
settings.
Where
technically feasible
and
aligned with device
operating system
capabilities, the Mocasa
App
will
automatically turn off such permissions
by
default after
the
purpose is achieved,
provided it does not impair
essential, ongoing
services for which
explicit, continued
consent or legal
basis
exists.
8. Advertising and Marketing
If you no longer
wish
to
receive advertising,
marketing, or promotional
messaging, please
contact us at support.user@mocasa.com and we will remove
you
from
such
communication lists.
9. Consequences of not providing us with your personal data
You are not required
to
provide us with your Information
or
any
associated personal
data
(as
defined under
applicable law) and you may withdraw
your
consent from the use or processing
of
such
Information or personal
data
at
any
time. However,
if
you
do
so,
we
will
be
unable
to
provide our current
or
future
products and services
to
you, and we reserve
the
right
to
terminate our relationship
with
you,
as
permitted under
applicable law, discontinue
our
relationship with you as we would
be
unable
to
fulfill our contractual
obligations.
Further,
to
the
extent
we
have
a
legitimate interest
in
retaining your Information
and/or
associated personal
data
(as
defined under
applicable law),
we
may
do
so.
For
example, if you have requested
that
we
erase
your
Information or associated
personal data (as defined
under
applicable law),
but
you
have
an
outstanding balance
with
Mocasa, we may retain
your
Information or associated
personal data (as defined
under
applicable law),
in
order
to
continue collection
efforts. We are also required
to
retain
your
personal data for a period
of
at
least
five
(5)
years
in
compliance with anti-money
laundering and terrorism
financing prevention
regulations, notwithstanding
requests for deletion.
10. Consent and Authorization
By downloading
the
Mocasa
App
and
clicking “Agree” on the permissions
overview screen,
you:
-
Confirm
that
you
have
read, understood,
and
accept the
terms of this
Privacy Policy,
which comprehensively
outlines how
your
personal data
is
collected, used,
shared, and
otherwise processed;
-
Acknowledge
and
agree to Mocasa's
access to necessary
device permissions,
as
more
fully described
above and
detailed within
the
permissions overview
screen. You
understand that
access to certain
device data
is
essential for
the
functionality, security,
and
credit assessment
features of the
Mocasa App;
-
Grant
your
explicit consent
to
Mocasa to collect,
use,
share, or otherwise
process your
personal data,
which may
include personally
identifiable information,
personal information,
sensitive personal
information (in
each
case, as defined
under applicable
law), for
the
purposes where
consent is the
lawful basis
as
outlined in this
Privacy Policy;
-
certify
that
all
personal data
you
have
provided and
will
provide to Mocasa
is
true, accurate,
and
correct to the
best
of
your
knowledge and
belief;
-
authorize
Mocasa to verify/investigate the
accuracy of your
personal data
through various
means, as necessary
for
the
provision of our
services, credit
assessment, and
fraud prevention.;
-
acknowledge
that
Mocasa may
be
required to disclose
your
personal data
to
regulatory and
governmental bodies
such
as
the
Securities and
Exchange Commission,
Bangko Sentral
ng
Pilipinas, Anti-Money
Laundering Council,
Bureau of Internal
Revenue, Credit
Information Corporation,
credit bureaus
and/or any
other governmental
body, in compliance
with
its
legal obligations
and
in
accordance with
the
principle of proportionality.
11. What device permissions does the Mocasa app access?
Depending
on
your
Device
Operating System
and
the
version of the Mocasa
app
installed on your device,
the
following device
permissions may be accessed
by
the
Mocasa
App.
We
encourage you to keep your Mocasa
App
updated to make sure you can experience
the
latest
and
most
secure
features.
Below
are
the
device
permissions Mocasa
may
access, along
with
their
purposes:
-
SMS
- After
your
explicit authorization,
we
will
collect, upload
and
analyze the
specified SMS
messages (including
sender number,
sender name,
text
content, and
receiving time)
from
your
device. This
data
is
to
be
used
to
assess your
credit status
to
provide you
the
most
appropriate financial
services. This
information can
be
used
for
risk
analysis and
control, to assess
the
user's overall
financial ability
and
determine the
specific credit
limit. The
above data
will
be
transmitted and
stored on the
https://service.mocasa.com server.
If
you
do
not
agree to grant
Mocasa this
permission, click
the
"Do
Not
Allow" button
when
the
system asks
for
it. Even
if
the
user
agrees at the
moment, the
above authorization
can
be
revoked at any
time
through the
system settings.
-
Calendar
-
Mocasa may
request read
and
write calendar
permissions to specifically
remind you
of
repayment due
dates on your
bills. We will
only
read, add
and
modify calendar
events related
to
Mocasa. But
other events
you
have
set
in
your
device's calendar
will
never be read
or
modified;
-
Camera
-
Mocasa will
ask
you
to
upload a photo
of
your
ID,
proof of income,
or
a
selfie for
the
purpose of identification, to facilitate
identity verification
processes. You
can
choose to take
photos on-site
(only need
Camera permission)
or
access media
library or files
to
pick
a
photo (only
need
Photo permission);
-
Read
your
contacts – After your
explicit and
separate authorization,
the
app
will
auto-fill the
selected contacts
as
needed. Your
contact information
will
only
be
stored and
used
for
credit assessment
and
emergency contact
purposes. Only
the
contacts you
select and
explicitly allow
will
be
collected or used;
Meanwhile, please keep in mind that it is YOUR duty to acquire prior consent from your contact for our
connection with such contact, by providing us with your contacts, we assume you have acquired such
consent
-
Location
–
This
helps our
fraud models
verify your
identity and
detect suspicious
activities. Mocasa
also
uses
this
information in its
credit and
underwriting models
to
determine whether
you
are
eligible for
Mocasa’s services.
We
also
use
location data
for
research purposes;
-
Read
phone status
and
identity – We will
collect and
use
your
device ID (advertising
ID,
BSSID, IMEl, Android
ID)
to
ensure the
security of your
transactions and
payments. Granting
this
permission will
help
us
check if you
are
performing sensitive
actions on commonly
used
devices. This
will
effectively reduce
the
risk
of
your
account being
compromised or unauthorized
access.
Third-party
SDKs
collect some of our non-sensitive
device
information (for example:
IDFV,
Android ID, system
version, device
manufacturer, brand
and
model,
etc.)
for
statistical and analytical
purposes to optimize
our
experience on Mocasa.
We
only
allow
third-party SDKs to collect
non-sensitive data with your explicit
consent.
12. General
If you have questions
about
this
Privacy Policy
or
about
your
rights
as
a
Data
Subject, you can contact
our
Data
Protection Officer
at:
Roson, Trisha
Cassandra C.- Data Protection
Officer - Philippine
Cashtrout Lending
Corp..
4/F King's Court 1 BLDG., 2129 Chino Roces AVE., Pio Del Pilar, Makati,
Makati City, Metro Manila
email
address: compliance@mocasa.com
To improve
and
continue our services
to
you
and
to
comply
with
data
privacy regulations
that
may
be
issued
from
time
to
time,
this
Privacy Policy
may
be
updated. You can check
the
latest
version by visiting
www.mocasa.com and clicking
"Privacy Policy"
at
the
bottom.
13. Others
When you activate
the
use,
we
will
collect your device
information (IDFV,
AndroidID, operating
system, device
model,
device
manufacturer, system
version, etc.)
through ThinkingData
for
statistical analysis
of
your
use
effect
in
the
app.
Additionally,
your personal
data
may
be
collected, used,
processed, stored,
accessed, updated,
shared, transferred
or
disclosed to the credit
insights service
provider/s using
the
Subscriber data obtained
from
Mobile
Network Operators,
such
as
but
not
limited to, Globe
Telecom, Inc.,
for
the
purpose of “telco
score”
using
telecommunications usage
data.
The credit
scoring (telco
score)
and
analytics between
the
Bank
and
credit
insights service
providers are conducted
for
the
purpose of credit
evaluation related
to
your credit application
and
maintenance thereof.
Statement of Applying for Installed Application Permission
Please
allow
Mocasa
to
compare the installed
applications on your device
with
a
list
of
suspected malware/viruses
to
detect
whether your financial
transaction or credit
application environment
is
safe.
Therefore,
Mocasa
needs
to
upload
and
analyze the NON-SENSITIVE
application identifiers
matched in the above
process to protect
Mocasa
from
any
cyber
security risk.
Mocasa
does
not
have
access
to
any
of
your
private content
in
other
applications. Unmatched
apps
will
not
be
visible to Mocasa
to
protect your privacy.
In
this
way,
Mocasa
can
warn
you
of
the
risk
of
privacy leakage
before
you
enter
the
password or key information
such
as
your
ID
number.
We strongly
recommend that you agree
to
this
authorization to ensure
the
security of your financial
transactions and enable
access
to
our
full
range
of
services. If you choose
not
to
authorize this permission
after
fully
understanding its purpose
and
implications, you will not be able to use Mocasa's
core
financial functions
or
other
major
functions, such as applying
for
credit
or
a
loan, as this information
is
critical for our risk assessment,
fraud
prevention, and the secure
provision of our services.
After
your
explicit authorization,
Mocasa
will
encrypt and upload
the
above
information to https://service.mocasa.com securely.
These
data
will
not
be
shared
or
sold
to
third
parties in any form, as these
will
only
be
processed solely
for
the
stated
purposes and will not be shared for purposes
unrelated to the security
and
credit
assessment for which
your
consent was obtained.
Statement of Applying for Contact Permission
To accurately
evaluate your personal
credit
and identifying and contacting the character references or guarantors
for
your
loan
application, we request
you
to
grant
us
permission to access,
collect, transmit,
use
and
store
your
contacts information.
We
will
use
HTTPS
encryption to transmit
and
store
your
information to ensure
data
security.
After
your
explicit and separate
authorization, the Mocasa
App
will
autofill the selected
contacts as required.
Your
contacts will only be stored
and
used
for
credit
evaluation and identifying and
contacting the character references or guarantors. Mocasa
does
NOT
have
access
to
all
of
your
contacts. You only need to select
contacts for the purposes
of
“credit evaluation
and
guarantors”.
Mocasa
will
NOT
access
or
collect any of your personal
information or sensitive
data
from
your
contacts without
your
direct
selection and consent.
Your
contacts will NOT be shared
or
sent
to
third
parties under
any
circumstances except
as
otherwise explicitly
consented to by you within
this
Privacy Policy
(e.g.,
for
data
sharing with financial
partners or for specific
outsourced collection
efforts where
relevant and separately
authorized).
You may deny authorization
to
the
access
at
any
time.
However, please
be
aware
that
granting this permission
and
providing emergency
contacts is often
essential for verifying
your
creditworthiness and for account
security. Without
such
authorization, you will not be able to use Mocasa
financial services,
such
as
applying for a credit
limit
or
making
payments without
authorization.
Mocasa
will
attempt to obtain
the
contact's information
and
upload
it
to
Mocasa
server
only
after
you
have
granted authorization.
If
you
wish
to
revoke
historical authorizations
and
erase
all
your
device
or
personal information,
please
contact support.user@mocasa.com. We will process
our
application within
five
(5) working
days.
