The objective of this statement is to explain how we collect, use, share, retain, dispose, and protect your personal data and how we enable your rights under the Data Privacy Act of 2012 (DPA).
Who is collecting your personal data?
We at G-Xchange Inc. (GCash/GXI) are committed to ensuring that your privacy is secured and protected. We respect your right to know how we process and protect your personal data, which is why we are providing this notice.
Definitions
“we/us” or “GCash/GXI”
means G-Xchange Inc.
“you” or “user”
means GCash user or individual visiting our website and mobile app or registering a GCash Account
“third party”
means someone who is not you or us or a part of GCash or GXI
Our reason why we collect your Personal Data…
We collect your personal data, without limiting the generality of the purpose, to facilitate your transaction needs and avail yourself of our products and services. These include the following:
enhancing your customer experience and improving, developing, and determining tailored products to meet your preferences and needs;
communicating relevant products or advisories to you;
showing you relevant ads on and off our services and measuring the effectiveness and reach of ads and services;
abiding by any safety, security, public service, or legal requirements and processes;
processing information for statistical, analytical, and research purposes; and
processing your requests concerning the creation, update, and maintenance of your account
Further, we collect your personal data to the extent necessary to comply with the requirements of the law and legal process, such as legal and regulatory obligations under the Anti-Money Laundering Act (AMLA) and Bangko Sentral ng Pilipinas (BSP) issuances; or to prevent imminent harm to public security, safety or order.
We also need your personal data for statistical, analytical, and research purposes to generate anonymous and aggregated reports.
When required by our Privacy Policy or the law, we will ask for your consent before we process your personal data.
We collect the following information…
The personal data we collect about you may either be personal information (PI) and/or sensitive personal information (SPI):
a.) Personal Information (PI) is any information from which the identity of an individual can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual, such as:
full name
date or birth
place of birth
specimen of signature
biometrics
facial photo
address (present and permanent)
source of fund or income
employer name or nature or self-employment or business
contact details (telephone number, mobile, and email address
mother’s maiden name
marital status
Device ID information
b.) Sensitive Personal Information (SPI) is any information that falls under the category of personal information with higher security impact which we gather from the supporting documents presented, such as:
Government-issued IDs and/or other relevant documents
IDs issued by private companies that are duly registered with the Securities and Exchange Commission (SEC)
Student IDs for those who are not yet of voting age (below 18 years old)
cardholder data (card number, CVV/CVC, card expiry date)
user credentials of the app (username, PIN/MPIN)
originating IP address, destination IP address and device ID
Our way to collect your personal data…
There are many ways by which we collect your personal data
We collect your personal data through filled out forms which can either be printed or online or data input via our web and mobile applications (GCash App).
We also collect your personal data when you use our services via different channels or request your account information.
For payroll services, we may also use information from our partners and affiliates, like the Human Resource of your company when using GCash as payroll disbursement (PowerPay+ companies) to collect your personal data.
When we receive your personal data in connection with your exercise of your right to data portability.
Collection of your personal data relies to the fullest extent possible on the original source.
Our need to share your Personal Data…
In cases where we might need to share your personal data, we do it in a secure manner and in compliance with the standard security and technical measures and requirements of the DPA. As part of our organizational security measure, we enter into data privacy agreements to ensure that recipients of your personal data implement reasonable and appropriate organizational, physical, and technical measures.
As part of our operations and the delivery of our offered products and services, there may be times when we are required to disclose your personal data to the following parties:
GCash Group which shall refer to (i) GXI, (ii) its affiliates and subsidiaries, including Globe Telecom, Inc., Globe Fintech Innovations, Inc., and Fuse Lending, Inc.; and (iii) their respective shareholders, directors, officers, employees, agents, representatives, assigns, and anyone acting under their direction or on their behalf.
Financial institutions, when mutually offering product(s) and service(s) such as open banking, payment services, etc.;
Business partners, service providers, and other third-party partners who act on our behalf in helping conduct our business operations and provide you the products and services we offer; and
Law enforcement and regulatory bodies.
How long do we store your personal data?
In accordance with law, we will use your personal data for as long as necessary to satisfy the purposes for which they were collected or to comply with applicable legal requirements. For the avoidance of doubt, we will only keep a copy of your records based on the assigned retention period per type of record below:
Type of Record/Category
Description
Retention Period
Anti-money laundering (AML) and Know Your Customer (KYC) -related records
These are records that mainly have an impact on the organization’s compliance with BSP regulations.
Closed accounts - 5 years from date of closure
Transaction records - 5 years from date of transaction in compliance with BSP and AML regulations
Employee records
Records containing or pertaining to information of the company’s employees. These include records of employee 201 files - personal bio, medical records, exit interview forms, etc.
5 years after employee termination, 7 years if employee is not able to complete his/her clearance
Cardholder data records
Records containing cardholder data
Can only be stored while waiting for an authorization
Contracts
Legally binding documents between the company and another party such as NDAs, Vendor Agreements, SLAs, etc.
10 years after termination of contract
Financial and tax records
Documents containing financial data of the company.
10 years
How do we dispose of your personal data?
Your personal data will be destroyed in an irretrievable and unusable form in adherence to our physical and technical security measures, which are consistent with industry standards. We will initiate disposal as soon as retention is no longer required by existing laws, rules, or regulations.
For paper records containing personal data, they will be securely disposed of through the process of cross-cut shredding. Meanwhile, personal data stored in tapes, hard disks, and other forms of electronic media, will be destroyed such that it will be completely unreadable and cannot be accessed or used for unauthorized purposes through secure wipe solution.
We care about the security and privacy of your personal data…
We recognize the risks involved whenever we process your personal data so that you can establish an e-wallet and avail yourself of various GCash-enabled services. These risks include account takeovers, social engineering, hacking, and others. Considering these risks, we deploy a variety of security measures to protect your personal data, whether in paper or electronic format. In particular, we take reasonable steps to secure your personal data from misuse, interference, loss, unauthorized access, modification, and unauthorized disclosure by implementing security measures within GCash, such as:
Only authorized personnel have access to these personal data to restrict access.
We encrypt personal data to keep your data private while being stored and in transit;
We put in place security controls such as but not limited to the following:
Adoption of multi factor authentication (“MFA”) which requires users to input the following security credentials in the GCash mobile application:
One Time Password (“OTP”), which is sent via SMS or text message to the user’s Registered Number; and
Mobile PIN (“MPIN”), for log in to the GCash application.
Enabling Biometrics Login of GCash Users
We conduct assessments of the personal data flows to further enhance the data protection of your personal information.
We establish and enforce additional applicable organizational, physical, and technical security measures that are aligned with industry-recognized standards.
When there is a need for us to store your personal data with a third party data storage provider, we use contractual arrangements to ensure that those providers take appropriate measures that are aligned with our Data Privacy and Information Security Policies.
In addition to the security measures we implement to protect your data, we advise you to stay vigilant and always protect your credentials. Please inform us right away if you think your credentials have been compromised or you became susceptible to the kinds of risks we mentioned earlier. Never share your MPIN or OTP. To learn more about how you can protect your GCash Account, please visit our Help Center.
Automated decision making
We may arrive at a decision by automated means without any human involvement (otherwise known as automated decision making), especially when we evaluate your information to get a sense of your profile as a customer. We perform customer profiling by way of evaluating, analyzing, or predicting your financial preferences, reliability, and behavior. This involves assessing your transaction history, repayments, and account balances in order to predict when you might want to increase an existing credit capability.
You may ask us not to make decisions about you that are based solely on automated processing by exercising your rights. If you do this, certain products and services may not be offered to you.
Privacy Notice
GCash takes your privacy very seriously. We work hard to protect your personal information. We do this in a way that follows international standards and the laws of the Philippines.
This privacy notice tells you how we handle your personal information. Our goal is to be clear about what we do and why we do it. We always try to do things in the right way. Here, we explain how we collect, use, share, keep, delete, and protect your information. We'll also explain how you can control what happens to your information.
What is GCash?
GCash is a digital wallet that makes your financial and lifestyle tasks easy. Thanks to our partners, you can pay bills, send money, borrow cash, donate, plant trees, shop online, and buy things using your GCash App.
You can learn more about what you can do with your GCash App on ourwebsite.
Why do we have your personal information?
To confirm your identity (Know-Your-Customer or KYC Information)
Before we can create a mobile wallet for you and let you use our partner services, we need to know who you are, as required by law. We also need to keep track of transactions and report any suspicious activities to financial regulators. This is because of rules against hiding the real source of money that may have been obtained illegally (money laundering).
To provide our financial and lifestyle services
We collect your personal information so you can enjoy our services easily and instantly. For example, when you pay your bills through your GCash App, we ask for your name, account information, contact information, and payment method. We collect these details so the company or institution you're paying can apply your payment to the correct bill or account.
We also look at how you use our services to see if you can get special deals from us. We look at things like if your account is set up right, if you keep enough money in your GCash account, and how often you use our services like paying for bills, investing money, saving money, and getting insurance. We also see if you pay your loans early or on time, and how you use credit. Looking at these will allow us to calculate your GScore. To learn more about GScore, please see the GScore FAQs.
To personalize our products and services
We collect and analyze your personal information to tailor our services just for you. By understanding what you like and need, we can recommend products, customized services, and personalized features that make your experience even better.
To carry out product and market research
We may use your personal information to find trends and patterns and to improve and create new products and services. For example, we offer fair lending, affordable investments, accessible insurance, and other services to promote financial inclusivity for all Filipinos. We were able to introduce these products because we study your needs.
To manage risk and prevent potential fraud and crime
We do risk analysis and fraud prevention to protect you, our partners, and our business. For example, to stop someone else from taking over your GCash account, we may collect and look at your facial image, transaction histories, and other personal information. To learn more about our DoubleSafe security feature, please visit our website.
To improve our customer service
Our Customer Experience Management Team may need to collect your other personal information to answer your questions better. Also, we record your calls and chats to improve and train our team.
To enhance your GCash App’s performance
To give you the best possible experience and value, we may use your personal information and study how you use your app to make our services even better.
To send you updates and other communications
We may use your personal information to send you important updates about your account, the services you use, new features, security alerts, and other relevant communications.
To advertise relevant services and products
We use your personal information for targeted advertising to show you offers, promotions, and suggestions that match your interests. We also aim to give you personalized advertisements by studying how you use your GCash App, such as transaction history, usage patterns, and preferences.
To manage the recruitment process and keep employment records
If you work with us, have worked with us, or are interested in joining us, we process the personal information you shared in your resume and application forms. This includes information about your education, test results, job offer, background checks, and medical assessments. We also keep your personal information while you work with us and even after you leave, like details about your pension and other benefits, bank account, addresses, beneficiaries, and emergency contacts.
What types of information do we collect, process, and share, and how long do we keep them?
If you decide to open a GCash account, we will collect, process, and share various types of information. Don’t worry, we will only keep and use them for as long as needed to satisfy the purposes they were collected or to meet legal requirements.
Identification (Know-Your-Customer) Information: When you open a GCash account, we collect your personal details. These include your full name, gender, home address, mobile number, email address, birth details, citizenship or nationality, government-issued ID numbers, your photo, and signature. If needed, we might also ask about your job, marital status, income, and other information, as required by the Bangko Sentral ng Pilipinas (BSP) regulations.
We keep your identification information for 5 years after the last transaction you made using your GCash account or after you close your account.
Financial Information: If you link your bank account to your GCash wallet, we may collect your bank account and online login details.
We keep your financial information for 5 years after the last transaction you made using your GCash account or after you close your account.
Contact List: If you use our services to send money or mobile loads to your contacts, or invite them to use our features like GForest, we may collect information from your address book.
The GCash App keeps your contact list for as long as you have it.
Third-Party Information: We collect information about you from other sources to improve our services. For example, for recruitment and background checks, transaction processing, identity verification, and fraud detection.
The length of time we keep your third-party information varies.
Identification Information: These are kept for 5 years after the last transaction you made using your GCash account or after you close your account.
Professional or employment information: These are kept for 5 years after your recruitment or end of employment.
If relevant to an ongoing investigation: These are kept for up to 10 years after completion of investigation or depending on the court's order.
Device Information: We collect details about the device you use to access your GCash account, such as the type of device, identification number, time zone, language setting, browser type, and IP address.
We keep your device information for at least 90 days in our active records and up to 3 years in our backup records.
App Use Information: We gather information about how you use your app and website, such as the pages you visit and the activities you do.
We keep your app use information for at least 90 days in our active records and up to 3 years in our backup records.
Biometric Login Information: We collect biometric information stored on your device to access your GCash account. We may also collect your facial image for our DoubleSafe security feature. To learn more about DoubleSafe, please visit our website.
The GCash App keeps your biometric login information for as long as you have it.
Geolocation Information: We collect your location information to improve our services, for fraud and crime detection, and for marketing purposes. Some features might not work correctly if you don’t share your location. You can manage this in your device settings.
If your geolocation information is relevant to an ongoing investigation, we keep it for up to 10 years after completion of investigation or depending on the court's order.
Information you provide when you contact us: We record your calls when you contact us via our hotline (2882). We also capture images during events and collect chat records with our chatbot Gigi and your emails to us.
If it refers to identification information, we keep the information you provide when you contact us for 5 years after the last transaction you made using your GCash account or after you close your account.
Online or network activity information: We collect information about your interactions with our app, website, advertisements, social media pages, and other digital platforms.
We keep your device information for at least 90 days in our active records and up to 3 years in our backup records.
Social Web Information: We collect information when you interact with us on our official social media pages (Facebook, Twitter, Tiktok, and Instagram). This can include your ticket number, mobile number, name, photo, and other information related to your inquiry.
The length of time we keep your social web information varies.
Identification Information: These are kept for 5 years after the last transaction you made using your GCash account or after you close your account.
Professional or employment information: These are kept for 5 years after your recruitment or end of employment.
If relevant to an ongoing investigation: These are kept for up to 10 years after completion of investigation or depending on the court's order.
Advertising Unique Identifiers: We collect unique identifiers like your iOS Identifier for Advertisers (IDFA) and Android Advertising ID (GAID) for our advertising activities. You can control how you want to share your advertising identifiers through changing your device settings.
We keep your advertising unique identifiers for as long as you have the GCash App.
Professional or employment information: We collect information you provided in your resume for your job application, including your work history, education, contact details, and professional licenses or certifications.
We keep your professional or employment information for 5 years after you leave. If you don’t finish your "clearance" process, we may keep your records for 7 years.
How do we collect your personal information?
We collect your personal information in several ways:
Direct Interactions: We collect information when you create a GCash account and provide your personal information to use our services, apply for a job, participate in recruiting events, contact us for assistance, and others.
Via Our App and Website: We collect information when you open a GCash account or use any of our services such as GStocks PH, Global Stocks, or GCrypto, or when you apply to become one of our merchants or business partners.
Through Various Channels: We collect information through various channels, including through online forms and app pages managed by us or our service providers. For instance, when you buy a product from our partner's website and select GCash as your payment method, we will collect your information to process the payment.
From Our Partners and Affiliates: For example, we may receive your personal information from your company's human resources department if they use GCash to pay your salary. We also receive information from other companies whenever they use GCash to offer their services to you.
From Our Social Media Platforms: We collect information when you interact with us on our official social media pages or when you participate in our contests.
By Granting Permissions on Your Mobile Devices: We collect information when you enable biometric login or grant access to certain permissions for services like GForest and other marketing activities.
From Other Third Parties: For example, we may receive your personal information when you ask another company to transact with us or when you request them to send your personal information to us (exercise of your right to data portability).
From Your Friends, Family Members, or Former Employers: For example, we collect information when your friends include you as a reference or contact person in their account.
From Third-Party Recruitment Agencies: The recruitment agencies we work with may provide us with a copy of your resume or the personal information you've shared on job-search and professional networking websites.
From Third-Party Background Verification Providers: We hire people to check the information you gave us in your job application and to perform a background check. This helps us see if you’re a good fit for our company.
Who do we share your personal information with?
We partner with different government agencies and private businesses to provide a wide range of financial and lifestyle services. Sometimes, we need to securely share your personal information with them to give you the services you asked for:
GCash Affiliates: Different companies affiliated with GCash work together to provide one of our financial and lifestyle services. For example, if you decide to apply for a loan, the personal information you provide may be shared with our lending partner, Fuse Lending, Inc. (FLI).
(GXI) is the main company that runs GCash. GXI has related companies like FLI and BlockG Virtual Assets, Inc. (BlockG). Another company called Globe Fintech Innovations, Inc. (GFI or Mynt) owns GXI.
Financial institutions and credit investigation agencies: To consistently provide you with high-quality services, we may share your personal information with other trusted financial institutions. This helps us deliver the services you requested, confirm identities, evaluate creditworthiness, manage risks, prevent fraud and crime, and more.
Partners: GCash may collaborate with different businesses to offer you a broad range of financial and lifestyle services. For instance, if you use your GCash App to pay your bills, we may share your personal information with the billing company you chose. If you participate in a promotion with our partners, we may share your promo subscription and redemption records with them. To know who our partners are, please visit our website.
Service Providers: We also share your personal information with trusted service providers who assist us in making our services seamless and efficient. They help us in various ways, such as answering your questions, analyzing information, managing risk, preventing fraud, processing payments, and more. They play a big role in making sure the GCash App runs smoothly for you.
Fraud and crime prevention partners: We are dedicated to protecting you and other GCash users from fraud and other crimes. By sharing some of your personal information, we contribute to a safer and more transparent financial system, protecting you and the broader community.
Law enforcement agencies, regulatory bodies, and courts: GCash may share your personal information with law enforcement agencies, regulatory bodies, courts, and other public authorities. We will only do this if required by law or to protect our rights, prevent fraud, and ensure the safety of GCash users and the public.
Changes within GCash: If GCash joins with another company, or if another company buys us or our assets, we might have to share your personal information with that company. If this happens, we will make sure to tell you ahead of time if your information will be handed over to another company or if there will be new rules about keeping your information private.
How do we delete your personal information?
We make sure to destroy your personal information securely so it can't be retrieved or used. We do this by following security measures that are standard in our industry. Once laws or regulations no longer allow us to keep your personal information, we start to delete them. For physical records, we destroy them by shredding. For information stored on electronic media like tapes and hard drives, we completely erase them using secure wipe solutions so they can’t be read. This makes the information unreadable and unusable without authorization.
How do we advertise to you?
To keep you updated with our latest offers and features, we use some of your information for advertising. Here's how we do it:
Collecting your information: We gather certain personal details about you, your actions within the app, and your advertising information (depending on your device settings). We analyze these to better understand your general interests and needs.
Profiling: We use the information we collect to make a “profile” about you. This allows us to gain a broad understanding of what you might prefer. We use this profile to suggest products or services that align with your preferences.
Targeted ads: We use your profile to show you ads that we think you might be interested in. Rather than showing the same ad to everyone, targeted ads aim to deliver more relevant content to each individual user.
Working with partners: We sometimes work with trusted partners, like advertising companies, to help us show you personalized ads. These partners only get access to coded and anonymous information. They are required to keep your information confidential and comply with laws about protecting your information.
How do we keep your information safe and secure?
Your trust and privacy are important to us. Hence, we aim to be transparent about how and when we share your information, all while ensuring its safety and security.
There can be risks when you create an e-wallet, like someone taking control of your account (account takeover), someone pretending to be a family member to trick you into giving away personal information (social engineering), or even someone getting into your cellphone without your permission (hacking). We want to keep your details safe so they won't be used the wrong way, get lost, or be accessed by someone you didn't allow. That's why we've added security measures to help protect against these dangers. These security measures include:
Restricting access: Only certain people are allowed to see your personal information.
Encryption: We code your personal information to keep it private when it’s being stored and sent. Encryption is like turning your information into a secret code, which can only be understood by those who have the key.
Multi-factor authentication (MFA): We use MFA in the GCash App. This means you need more than one factor before you can access your account. For example, if you want to link a new device to your GCash account, you need to use a one-time password (OTP), enter your Mobile PIN, and perform a selfie scan. We also use biometric login.
We regularly check how information moves into and out of our computer systems to make sure it’s protected. We enforce organizational, physical, and technical security measures aligned with recognized industry standards.
If we give your personal information to another company to help us with our services, we make them sign a special agreement. This agreement makes sure they follow the same rules we do to keep your information safe.
Additionally, we advise you to stay vigilant and always protect your credentials. Inform us immediately if you suspect your credentials have been compromised. Never share your MPIN or OTP. For more information on protecting your GCash Account, visit our Help Center.
Do we use automatic decision-making processes?
We may make decisions about you using computer systems without human involvement, a process known as automated decision-making. We do this to get a better understanding of you as a customer. By examining your past transactions, repayments, and account balances, we can understand your financial habits, trustworthiness, and behaviors. This process also helps us anticipate your future needs, such as when you might require additional credit. For instance, we might assess your eligibility to avail of our partners’ financial products based on your GScore. To learn more about GScore, please refer to the GScore FAQs.
What rights do you have regarding your information?
You have several rights under the law:
You can be told about how we handle your personal information (right to be informed).
You can access the personal information we have about you (right to access).
If we're processing your personal information based on consent or legitimate interest, you can object (right to object).
You can ask us to stop, withdraw, block, delete, or destroy your personal information (right to erasure or blocking).
If your information privacy rights have been violated and you've suffered damage, you can claim compensation (right to damages).
If you feel that your personal information has been misused or your privacy rights have been violated, you can file a complaint with the National Privacy Commission (right to file a complaint).
You can dispute and have any mistakes or errors in your personal information corrected (right to rectify).
You can ask us to securely move, copy or transfer your personal information from one company to another (right to information portability).
For more information about your privacy rights, you can visit the National Privacy Commission’s website to look at resources about the Rights of Data Subjects.
How can you exercise your data privacy rights?
We'll handle all your requests to access, correct, or move your personal information unless there are legal reasons we can't. You can ask for a copy of any personal information we have about you. If you find a mistake, you can ask us to correct it.
We value your thoughts, feedback, and requests. If you need to talk to us, you can email us at gxi.dataprivacy@mynt.xyz (Data Protection Officer) or call us at 2882 (Customer Care).
Is our Privacy Notice up to date?
We periodically update this notice to provide you with the most recent information on how we protect your personal information. Our goal is to keep up with the latest rules about data privacy and advancements in security technologies. We recommend that you visit this page often to stay informed of any updates we make.
Last updated: 15 August 2023
GCash Seal of Registration:
Privacy Notice
GCash takes your privacy very seriously. We work hard to protect your personal information. We do this in a way that follows international standards and the laws of the Philippines.
This privacy notice tells you how we handle your personal information. Our goal is to be clear about what we do and why we do it. We always try to do things in the right way. Here, we explain how we collect, use, share, keep, delete, and protect your information. We'll also explain how you can control what happens to your information.
What is GCash?
Why do we have your personal information?
What types of information do we collect, process, and share, and how long do we keep them?
How do we collect your personal information?
Who do we share your personal information with?
How do we delete your personal information?
How do we advertise to you?
How do we keep your information safe and secure?
Do we use automatic decision-making processes?
What rights do you have regarding your information?