GrabPeso ’s company name licensed by SEC:
SUMULONG FINANCING, INC.
Our SEC Registration No. CS201915712
Certificate of Authority No. 1238
By mere access to the Platform or any part thereof, you signify your assent to this Privacy Policy and consent to the processing of your personally identifiable information (Personal Information, Sensitive Personal Data or Information) to SUMULONG FINANCING, INC.(“we” or “our” or “us” or “GrabPeso”). This Privacy Policy is incorporated into and subject to the Terms of Use of the Platform.
It is strongly advised that users should read this privacy policythoroughly. by clicking these buttons, including, “login”, “I agree to GrabPeso’s privacy policy”, “I agree and consent to the collection, use, disclosure, storage, transfer and/or processing of my personal data for the purpose stated in, and under the terms of, GrabPeso’s privacy policy” or similar statements available on GrabPeso registration page or in the course of providing you with the services or access to relative platform, you acknowledge that you have read and understood the terms of this privacy policy and that you have agreed and consented to the collection, use, disclosure, storage, transfer and/or processing of your personal data as described and under the terms herein.
For the purpose of this Privacy Policy, the users of the Services may be customer/applicant / borrower/ consumers, or any other persons using Services or accessing our Platform (“user” or “you” or “your”).
Account
Means the unique account you create to access our Services or parts of
our Services.
Affiliate
Means an entity that controls, is controlled by, or is jointly
controlled by a party, where “control” means ownership of 50% or more of
shares, equity or other securities entitled to vote for directors or
other governing bodies.
Application
It means that you download and the software program called “GrabPeso” on
any device.
Device
Means any device that can access the Service such as a computer, a
cellphone or a digital tablet.
Personal Data
Is any information that relates to an identified or identifiable
individual.
Service
Represents the current application.
Service Provider
Means any natural or legal person who processes this data on behalf of
the Company. Refers to third-party companies or individuals employed by
the Company to facilitate the Services, provide the Services on behalf
of the Company, perform the Services in connection with the Services, or
assist the Company in analyzing the use of the Services.
Usage Data
Means data collected automatically, or data generated by using the
Services, or data generated from the service infrastructure itself (for
example, the duration of page visits).
You
Means the individual accessing or using the Service, or the Company, or
other legal entity on whose behalf such individual is accessing or using
the Service.
KYC
Means know your customer, that is to fully understand your customer,
conduct a comprehensive review of the customer, understand the
legitimacy of their identity, and prevent fraud.
Get a better understanding of who you are with the app and ensure your
users meet their credit needs. Therefore, before you submit your
application, your authorization will be required to collect
“Phone” and “Camera” information and
upload it to “grab-peso.com/api”. We are committed to encrypting data
and ensuring the security of information using secure data transfer
protocols. Feel free to use it. If you do not agree, we will not do
this, and the application will not be able to provide you with normal
services and exit the application.
Wherever possible, we indicate the mandatory and the optional fields.
You always have the option to not provide any information by choosing
not to use a particular service or feature on the Platform.
This information is required as a part of registration process to access
our Service and it is also used to auto-populate relevant fields in the
course of the interface of the App.
In short, to create an account on the platform, you must provide us with some basic information required to customize our service. The information that needs to be collected includes:
Specific information description: Mobile phone number,
Basic information: name, ID number, gender, birthday,
education, location, and the social media or networking platform used by
You like Google or Facebook etc.
Contact information: Emergency contact name/phone.
Occupation information: Occupational identity, working
Years, industry, monthly income,company Name.
Usage description: Mobile phone number login, Identify the real identity of users, used for risk decision-making to ensure service security.
Specific information description: Device brand/model, Android Version , List of installed apps.
Usage description: Check the mobile phone operating environment to ensure service security and Provide you with personalized products and services.
We request access to your camera, which allows you to take photos of your ID and face and upload them to our platform to complete the necessary KYC (Know Your Customer) verification process for loan services. We do not have access to photos or videos stored on your device. Camera access requires your consent, and if permission is not granted, you will not be able to take or update images.
We will collect a list of installed applications on your device,
including application names, app package names, installation date,
update date, version names, and version codes, which will be used to
screen for malicious software and cheating programs to maintain the
security of the mobile system environment and lending services.
It will also be used to evaluate your credit status and enrich your
information through pre-approved customized loan offers. After
determining your risk status, we will delete these dates.
We collect specific information about your phone, such as your phone’s unique device ID, phone model, etc. By analyzing your phone status, we can avoid fraudulent operations and ensure the security of your loan process. This is required because it helps us uniquely identify users and we can prevent any unauthorized devices from logging into your account in our application. This information will be encrypted and uploaded to https://grab-peso.com/api and will not be shared with third parties.
The App has a link to a registered third party SDK which collects data on our behalf and data is stored to a secured server to perform a credit risk assessment. We ensure that ourselves /our third party service provider takes extensive security measures in order to protect your personal information against loss, misuse or alteration of the data.
Our third-party service provider employs separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis. The stored data is protected and stored by application-level encryption. They enforce key management services to limit access to data.
Furthermore, our registered third party service provider provides hosting security – they use industry-leading anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, and application control solutions.
We understand the importance of your information and ensure that it is used for the intended purpose only.
We access, store and use the information we collect from you in accordance with the applicable laws to provide our Services, to research and develop new ones subject to the limitations set out in this Privacy Policy.
We use the information to:
Resolve disputes
Troubleshoot problems
Help promote a safe service
Analytical analysis
Marketing purposes
Measure consumer interest and satisfaction in our products and services
Inform you about online and offline offers, products, services, and updates
Customize your experience
Detect and protect us against suspicious or illegal activity, fraud and other criminal activity
Enforce our terms and conditions
Improvement of our services and as otherwise described to you at the time of collection
In our efforts to continually improve our product and service offerings, we collect and analyze demographic and profile data about our users’ activity on our platform.
We automatically track certain information about you based upon your behaviour on our Platform. We use this information to do internal research on our users’ demographics, interests, and behaviour to better understand, protect and serve our users and improve our services. This information is compiled and analysed on an aggregated basis. We also collect your Internet Protocol (IP) address and the URL used by you to connect your computer to the internet, etc. This information may include the URL that you just came from (whether this URL is on our Website or not), which URL you next go to (whether this URL is on our Website or not), your computer browser information, and your IP address.
Cookies are small data files that a Website stores on Your computer. We will use cookies on our Website similar to other lending websites / apps and online marketplace websites / apps. Use of this information helps Us identify You in order to make our Website more user friendly. Most browsers will permit You to decline cookies but if You choose to do this it might affect service on some parts of Our Website.
If you choose to get a loan through the Platform, we collect information about your applying behavior.
We retain this information as necessary to resolve disputes, provide customer support and troubleshoot problems as permitted by law.
If you send us personal correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities or postings on the Website, we collect such information into a file specific to you.
The intended purpose of collecting information provided by you is to:
Establish identity and verify the same
To complete your photo kyc
Monitor, improve and administer our platform
Provide our service i.E. Perform credit profiling for the purpose of facilitating loans to you.
Design and offer customized products and services offered by ourselves /our third party financial partners
Analyse how the platform is used, diagnose service or techID Card Numberal problems and maintain security
Send commuID Card Numberations notifications, information regarding the products or services requested by you or process queries and applications that you have made on the platform
Manage our relationship with you and inform you about other products or services we think you might find of some use
Conduct data analysis in order to improve the services / products provided to the usery
Use the user information in order to comply with country laws and regulations
Conduct kyc for ourselves /our third party lending partners based on the information shared by the user
Use the user information in other ways permitted by law to enable you to take financial services from our lending partners.
We will use and retain the information for such periods as necessary to provide you the services on the platform, to comply with our legal obligations, to resolve disputes, and enforce our agreements.
We will share Your information with only our registered third parties including our regulated financial partners for provision of Services on the Website/ App. We will share Your information with third parties only in such manner as described below:
We disclose and share Your information with ourselves /our third party partners for facilitation of a loan or facility or line of credit or applying a loan.
We share Your information with ourselves /our third party partners in order to conduct data analysis in order to serve You better and provide Services our Platform.
We may disclose Your information, without prior notice, if we are under a duty to do so in order to comply with any legal obligation or an order from the government and/or a statutory authority, or in order to enforce or apply Our terms of use or assign such information in the course of corporate divestitures, mergers, or to protect the rights, property, or safety of Us, Our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
We will disclose the data / information provided by a User with other technology partners to track how the User interact with the Platform on Our behalf.
We and our affiliates may share Your information with another business entity should we (or our assets) merge with, or be acquired by that business entity, or re-organization, amalgamation, restructuring of business for continuity of business. Should such a transaction occur than any business entity (or the new combined entity) receiving any such information from Us shall be bound by this Policy with respect to your information.
We will disclose the information to ourselves /our third party technology and credit partners to perform credit checks and credit analysis like Credit Bureaus or third party data source providers
We will share Your information under a confidentiality agreement with the third parties and restrict use of the said Information by third parties only for the purposes detailed herein. We warrant that there will be no unauthorised disclosure of your information shared with third parties.
By using the Platform, you hereby grant your consent to the Company to share/disclose your Personal Information (i) To the concerned third parties in connection with the Services and (ii) With the governmental authorities, quasi-governmental authorities, judicial authorities and quasi-judicial authorities, in accordance with applicable laws of Sri Lankan.
We shall disclose your Photo KYC process to the relevant regulatory authorities as a part of our statutory audit process. Please note that your ID Card Number shall never be disclosed.
In case we use or disclose your information for any purpose not specified above, we will take your explicit consent.
The Service Providers We use may have access to Your Personal Data. These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their Privacy Policies.
Analytics
We may use third-party Service providers to monitor and analyze the use
of our Service.
Firebase
Firebase is an analytics service provided by Google Inc.
You may opt-out of certain Firebase features through your mobile device settings, such as your device advertising settings or by following the instructions provided by Google in their Privacy Policy: https://policies.google.com/privacy
We also encourage you to review the Google’s policy for safeguarding your data: https://support.google.com/analytics/answer
For more information on what type of information Firebase collects, please visit the How Google uses data when you use our partners’ sites or apps webpage: https://policies.google.com/technologies/partner-sites
Appsflyer
Their Privacy Policy can be viewed at
https://www.appsflyer.com/cn/product/security-and-privacy/
Payments
We may provide paid products and/or services within the Service. In that
case, we may use third-party services for payment processing (e.g.
payment processors).
We will not store or collect Your payment card details. That information is provided directly to Our third-party payment processors whose use of Your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The Company uses remarketing services to advertise to You after You accessed or visited our Service. We and Our third-party vendors use cookies and non-cookie technologies to help Us recognize Your Device and understand how You use our Service so that We can improve our Service to reflect Your interests and serve You advertisements that are likely to be of more interest to You.
We may share information, such as hashed email addresses (if available) or other online identifiers collected on Our Service with these third-party vendors. This allows Our third-party vendors to recognize and deliver You ads across devices and browsers. To read more about the technologies used by these third-party vendors and their cross-device capabilities please refer to the Privacy Policy of each vendor listed below.
The third-party vendors We use are:
Google Ads (AdWords)
Google Ads (AdWords) remarketing service is provided by Google Inc.
You can opt-out of Google Analytics for Display Advertising and
customise the Google Display Network ads by visiting the Google Ads
Settings page:
https://www.google.com/settings/ads
Google also recommends installing the Google Analytics Opt-out Browser
Add-on
https://tools.google.com/dlpage/gaoptout
for your web browser. Google Analytics Opt-out Browser Add-on provides
visitors with the ability to prevent their data from being collected and
used by Google Analytics.
For more information on the privacy practices of Google, please visit
the Google Privacy & Terms web page:
https://policies.google.com/privacy
Facebook
Facebook remarketing service is provided by Facebook Inc.
You can learn more about interest-based advertising from Facebook by
visiting this page:
https://www.facebook.com/help/516147308587266
To opt-out from Facebook’s interest-based ads, follow these instructions
from Facebook:
https://www.facebook.com/help/568137493302217
For more information on the privacy practices of Google, please visit
the Google Privacy & Terms web page:
https://policies.google.com/privacy
Facebook adheres to the Self-Regulatory Principles for Online
Behavioural Advertising established by the Digital Advertising Alliance.
You can also opt-out from Facebook and other participating companies
through the Digital Advertising Alliance in the USA
https://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada
https://youradchoices.ca/
or the European Interactive Digital Advertising Alliance in Europe
https://www.youronlinechoices.eu/, or opt-out using your mobile device settings.
For more information on the privacy practices of Facebook, please visit
Facebook’s Data Policy:
https://www.facebook.com/privacy/explanation
We reserve the right to change, modify, add, or remove portions of this Privacy Policy at any time for any reason. In case, any changes are made in the Privacy Policy, we shall update the same on the Platform. Once posted, those changes are effective immediately, unless stated otherwise. We encourage you to periodically review this page for the latest information on our privacy practices. Continued access or use of the Services constitute Your acceptance of the changes and the amended Privacy Policy.
At any point of time Users can choose to edit/modify or delete/withdraw any Personal Information shared for use of the Platform. Please note that deleting or withdrawing information may affect the Services we provide to you. In case of modification of Personal Information, Users will be required to furnish supporting documents relating to change in Personal Information for the purpose of verification by the Company.
You have certain choices regarding the information we collect and how it is used:
Device-level settings: Your device may have controls that determine what information we collect. For example, you can modify permissions on your Android device for access to Camera or Audio permissions.
You can also request to remove content from our servers based on applicable law or by writing to our Grievance Officer.
The Platform intends to protect your information and to maintain its
accuracy as confirmed by you. We implement reasonable physical,
administrative and tech ID Card Numberal safeguards to help us protect
your information from unauthorized access, use and disclosure. For
example, we encrypt all information when we transmit over the internet.
We also require that our registered third party service providers
protect such information from unauthorized access, use and disclosure.
Our Platform has stringent security measures in place to protect the
loss, misuse and alteration of information under control. We endeavour
to safeguard and ensure the security of the information provided by you.
We use Secure Sockets Layers (SSL) based encryption, for the
transmission of the information, which is currently the required level
of encryption in Sri Lankan as per applicable law.
We blend security at multiple steps within our products with the state
of the art technology to ensure our systems maintain strong security
measures and the overall data and privacy security design allow us to
defend our systems ranging from low hanging issue up to sophisticated
attacks.
In addition, the Website and App have been certified for the following security certifications:
ISO 9001: being the international standard that details requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements with the requisite security protections.
ISO 27001 (formally known as ISO/IEC 27001:2005): is a specification for an information security management system (ISMS) and is the suggested level of certification required under the Information Technology Act, 2000. An ISMS is a framework of policies and procedures that includes all legal, physical and techID Card Numberal controls involved in an organization’s information risk management processes.
We aim to protect from unauthorized access, alteration, disclosure or destruction of information we hold, including:
We use encryption to keep your data private while in transit
We offer security feature like an OTP verification to help you protect your account
We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems
We restrict access to personal information to our employees, contractors, and agents who need that information in order to process it. Anyone with this access is subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations
We regularly review this Privacy Policy and make sure that we process your information in ways that comply with it
We ensure that ID Card Number number is not disclosed in any manner
We or our affiliates maintain your information on servers located in Singapore . Data protection laws vary among countries, with some providing more protection than others. We also comply with certain legal frameworks relating to the transfer of data as mentioned and required under the Information Technology Act, 2000 and rules made thereunder
When we receive formal written complaints, we respond by contacting the person who made the complaint. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of your data that we cannot resolve with you directly
Our Platform links to other websites that may collect information about you. We are not responsible for the privacy practices or the content of those linked websites. With this Policy we’re only addressing the disclosure and use of data collected by Us. If You visit any websites through the links on the Website, please ensure You go through the privacy policies of each of those websites. Their data collection practices, and their policies might be different from this Policy and We do not have control over any of their policies neither do we have any liability in this regard.
By using the Platform and by providing your information, you consent to the collection, sharing, disclosure and usage of the information that you disclose on the Platform in accordance with this Privacy Policy.
If we decide to change our Privacy Policy, we will post those changes on this page so to make you aware of the information we collect, how we use it, and under what circumstances we share and disclose it.
If you have any questions, please contact us, we are happy to serve you.
Email: cs.grabpeso@outlook.com
Time: Monday to Saturday (8:30 - 18:00)
Address: Burgos, Rodiriguez, Rizal 4th district 1860