Privacy Policy

Company Information:

GrabPeso ’s company name licensed by SEC: SUMULONG FINANCING, INC.
Our SEC Registration No. CS201915712
Certificate of Authority No. 1238

By mere access to the Platform or any part thereof, you signify your assent to this Privacy Policy and consent to the processing of your personally identifiable information (Personal Information, Sensitive Personal Data or Information) to SUMULONG FINANCING, INC.(“we” or “our” or “us” or “GrabPeso”). This Privacy Policy is incorporated into and subject to the Terms of Use of the Platform.

It is strongly advised that users should read this privacy policythoroughly. by clicking these buttons, including, “login”, “I agree to GrabPeso’s privacy policy”, “I agree and consent to the collection, use, disclosure, storage, transfer and/or processing of my personal data for the purpose stated in, and under the terms of, GrabPeso’s privacy policy” or similar statements available on GrabPeso registration page or in the course of providing you with the services or access to relative platform, you acknowledge that you have read and understood the terms of this privacy policy and that you have agreed and consented to the collection, use, disclosure, storage, transfer and/or processing of your personal data as described and under the terms herein.

For the purpose of this Privacy Policy, the users of the Services may be customer/applicant / borrower/ consumers, or any other persons using Services or accessing our Platform (“user” or “you” or “your”).

Details of the privacy policy

Account
Means the unique account you create to access our Services or parts of our Services.

Affiliate
Means an entity that controls, is controlled by, or is jointly controlled by a party, where “control” means ownership of 50% or more of shares, equity or other securities entitled to vote for directors or other governing bodies.

Application
It means that you download and the software program called “GrabPeso” on any device.

Device
Means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Personal Data
Is any information that relates to an identified or identifiable individual.

Service
Represents the current application.

Service Provider
Means any natural or legal person who processes this data on behalf of the Company. Refers to third-party companies or individuals employed by the Company to facilitate the Services, provide the Services on behalf of the Company, perform the Services in connection with the Services, or assist the Company in analyzing the use of the Services.

Usage Data
Means data collected automatically, or data generated by using the Services, or data generated from the service infrastructure itself (for example, the duration of page visits).

You
Means the individual accessing or using the Service, or the Company, or other legal entity on whose behalf such individual is accessing or using the Service.

KYC
Means know your customer, that is to fully understand your customer, conduct a comprehensive review of the customer, understand the legitimacy of their identity, and prevent fraud.

Collection of personal information of users

Get a better understanding of who you are with the app and ensure your users meet their credit needs. Therefore, before you submit your application, your authorization will be required to collect “Phone” and “Camera” information and upload it to “grab-peso.com/api”. We are committed to encrypting data and ensuring the security of information using secure data transfer protocols. Feel free to use it. If you do not agree, we will not do this, and the application will not be able to provide you with normal services and exit the application.
Wherever possible, we indicate the mandatory and the optional fields. You always have the option to not provide any information by choosing not to use a particular service or feature on the Platform.
This information is required as a part of registration process to access our Service and it is also used to auto-populate relevant fields in the course of the interface of the App.

In short, to create an account on the platform, you must provide us with some basic information required to customize our service. The information that needs to be collected includes:

Personal Information

Specific information description: Mobile phone number,
Basic information: name, ID number, gender, birthday, education, location, and the social media or networking platform used by You like Google or Facebook etc.
Contact information: Emergency contact name/phone.
Occupation information: Occupational identity, working Years, industry, monthly income,company Name.

Usage description: Mobile phone number login, Identify the real identity of users, used for risk decision-making to ensure service security.

Device Information

Specific information description: Device brand/model, Android Version , List of installed apps.

Usage description: Check the mobile phone operating environment to ensure service security and Provide you with personalized products and services.

Camera

We request access to your camera, which allows you to take photos of your ID and face and upload them to our platform to complete the necessary KYC (Know Your Customer) verification process for loan services. We do not have access to photos or videos stored on your device. Camera access requires your consent, and if permission is not granted, you will not be able to take or update images.

Application list

We will collect a list of installed applications on your device, including application names, app package names, installation date, update date, version names, and version codes, which will be used to screen for malicious software and cheating programs to maintain the security of the mobile system environment and lending services.
It will also be used to evaluate your credit status and enrich your information through pre-approved customized loan offers. After determining your risk status, we will delete these dates.

Phone number

We collect specific information about your phone, such as your phone’s unique device ID, phone model, etc. By analyzing your phone status, we can avoid fraudulent operations and ensure the security of your loan process. This is required because it helps us uniquely identify users and we can prevent any unauthorized devices from logging into your account in our application. This information will be encrypted and uploaded to https://grab-peso.com/api and will not be shared with third parties.

The App has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that ourselves /our third party service provider takes extensive security measures in order to protect your personal information against loss, misuse or alteration of the data.

Our third-party service provider employs separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data.

Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.

Use And Disclosure Of Your Personal And Other Information

We understand the importance of your information and ensure that it is used for the intended purpose only.

We access, store and use the information we collect from you in accordance with the applicable laws to provide our Services, to research and develop new ones subject to the limitations set out in this Privacy Policy.

We use the information to:

In our efforts to continually improve our product and service offerings, we collect and analyze demographic and profile data about our users’ activity on our platform.

Collection Of Other Non-personal Information

We automatically track certain information about you based upon your behaviour on our Platform. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve our users and improve our services. This information is compiled and analysed on an aggregated basis. We also collect your Internet Protocol (IP) address and the URL used by you to connect your computer to the internet, etc. This information may include the URL that you just came from (whether this URL is on our Website or not), which URL you next go to (whether this URL is on our Website or not), your computer browser information, and your IP address.

Cookies are small data files that a Website stores on Your computer. We will use cookies on our Website similar to other lending websites / apps and online marketplace websites / apps. Use of this information helps Us identify You in order to make our Website more user friendly. Most browsers will permit You to decline cookies but if You choose to do this it might affect service on some parts of Our Website.

If you choose to get a loan through the Platform, we collect information about your applying behavior.

We retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted by law.

If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Website, we collect such information into a file specific to you.

Purpose Of Collecting Information

The intended purpose of collecting information provided by you is to:

We will use and retain the information for such periods as necessary to provide you the services on the platform, to comply with our legal obligations, to resolve disputes, and enforce our agreements.

Disclosure To Third Parties

We will share Your information with only our registered third parties including our regulated financial partners for provision of Services on the Website/ App. We will share Your information with third parties only in such manner as described below:

In case we use or disclose your information for any purpose not specified above, we will take your explicit consent.

Detailed Information on the Processing of Personal Information

The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.

Analytics
We may use third-party Service providers to monitor and analyze the use of our Service.

Firebase
Firebase is an analytics service provided by Google Inc.

You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy: https://policies.google.com/privacy

We also encourage you to review the Google’s policy for safeguarding your data: https://support.google.com/analytics/answer

For more information on what type of information Firebase collects, please visit the How Google uses data when you use our partners’ sites or apps webpage: https://policies.google.com/technologies/partner-sites

Appsflyer
Their Privacy Policy can be viewed at https://www.appsflyer.com/cn/product/security-and-privacy/

Payments
We may provide paid products and/or services within the Service. In that case, we may use third-party services for payment processing (e.g. payment processors).

We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

Behavioral Remarketing

The Company uses remarketing services to advertise to You after You accessed or visited our Service. We and Our third-party vendors use cookies and non-cookie technologies to help Us recognize Your Device and understand how You use our Service so that We can improve our Service to reflect Your interests and serve You advertisements that are likely to be of more interest to You.

We may share information, such as hashed email addresses (if available) or other online identifiers collected on Our Service with these third-party vendors. This allows Our third-party vendors to recognize and deliver You ads across devices and browsers. To read more about the technologies used by these third-party vendors and their cross-device capabilities please refer to the Privacy Policy of each vendor listed below.

The third-party vendors We use are:

Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: https://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on https://tools.google.com/dlpage/gaoptout for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

Facebook
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/516147308587266
To opt-out from Facebook’s interest-based ads, follow these instructions from Facebook: https://www.facebook.com/help/568137493302217
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA https://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada https://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe https://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation

Changes In This Privacy Policy

We reserve the right to change, modify, add, or remove portions of this Privacy Policy at any time for any reason. In case, any changes are made in the Privacy Policy, we shall update the same on the Platform. Once posted, those changes are effective immediately, unless stated otherwise. We encourage you to periodically review this page for the latest information on our privacy practices. Continued access or use of the Services constitute Your acceptance of the changes and the amended Privacy Policy.

Accessing Your Information / Contacting Us

At any point of time Users can choose to edit/modify or delete/withdraw any Personal Information shared for use of the Platform. Please note that deleting or withdrawing information may affect the Services we provide to you. In case of modification of Personal Information, Users will be required to furnish supporting documents relating to change in Personal Information for the purpose of verification by the Company.

Your Privacy Controls

You have certain choices regarding the information we collect and how it is used:

Device-level settings: Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Camera or Audio permissions.

Delete your entire App account.

You can also request to remove content from our servers based on applicable law or by writing to our Grievance Officer.

Security Precautions

The Platform intends to protect your information and to maintain its accuracy as confirmed by you. We implement reasonable physical, administrative and tech ID Card Numberal safeguards to help us protect your information from unauthorized access, use and disclosure. For example, we encrypt all information when we transmit over the internet. We also require that our registered third party service providers protect such information from unauthorized access, use and disclosure.
Our Platform has stringent security measures in place to protect the loss, misuse and alteration of information under control. We endeavour to safeguard and ensure the security of the information provided by you. We use Secure Sockets Layers (SSL) based encryption, for the transmission of the information, which is currently the required level of encryption in Sri Lankan as per applicable law.
We blend security at multiple steps within our products with the state of the art technology to ensure our systems maintain strong security measures and the overall data and privacy security design allow us to defend our systems ranging from low hanging issue up to sophisticated attacks.

In addition, the Website and App have been certified for the following security certifications:

ISO 9001: being the international standard that details requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements with the requisite security protections.

ISO 27001 (formally known as ISO/IEC 27001:2005): is a specification for an information security management system (ISMS) and is the suggested level of certification required under the Information Technology Act, 2000. An ISMS is a framework of policies and procedures that includes all legal, physical and techID Card Numberal controls involved in an organization’s information risk management processes.

We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:

Compliance & Cooperation with Regulations and applicable laws

We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it

Data transfers

We ensure that ID Card Number number is not disclosed in any manner

We or our affiliates maintain your information on servers located in Singapore . Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder

When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly

Our Platform links to other websites that may collect information about you. We are not responsible for the privacy practices or the content of those linked websites. With this Policy we’re only addressing the disclosure and use of data collected by Us. If You visit any websites through the links on the Website, please ensure You go through the privacy policies of each of those websites. Their data collection practices, and their policies might be different from this Policy and We do not have control over any of their policies neither do we have any liability in this regard.

By using the Platform and by providing your information, you consent to the collection, sharing, disclosure and usage of the information that you disclose on the Platform in accordance with this Privacy Policy.

If we decide to change our Privacy Policy, we will post those changes on this page so to make you aware of the information we collect, how we use it, and under what circumstances we share and disclose it.

Feedback contact

If you have any questions, please contact us, we are happy to serve you.