Collection of Personal Information
When you use our services to connect your financial / bank accounts or Social Security System (“SSS”) with a developer application, we collect the following information about you only with your consent.
- Information we collect from your financial / bank accounts:
- Account information, including (by way of example and without limitation) the financial institution’s name, account holder’s information, account type, account balance, account currency;
- Transaction history, including (by way of example and without limitation) transaction amount, date, description, currency;
- Information we collect from your SSS:
- Identity Information, including (by way of example and without limitation) full name, email address, home address, phone number, gender;
- Contribution history, including (by way of example and without limitation) payment amount, date, currency;
We NEVER store the credentials of your financial / bank accounts and SSS on our database or in log file and our system security ensures that there are no touchpoints for third-party applications able to gain access to your credentials. We only use your financial accounts and SSS credentials to login once and for purposes of providing our services to you.
We may use your personal information for several business purposes set out below:
- To operate, provide, and maintain our services for you and other customers;
- To improve, modify, add to, and further develop our services for you and other customers;
- To develop new services for you and other customers;
- To protect you, AND Solutions, our partners and others from fraud, malicious activity, and other privacy and security-related concerns;
- To provide customer support to you, including responding to your inquiries relative to our services;
- To investigate any misuse of our service, criminal activity, or other unauthorized access to our services;
- To generate anonymized data and anonymized aggregate data;
- To comply with contractual and legal obligations under applicable law; and
- For other notified purposes with your consent.
To add another layer of privacy to your personal information, within a week after collecting your personal information from your financial / bank accounts and SSS, we shall permanently delete your original personal information and only store the generated anonymized data. Thus, you will no longer be personally identifiable in our database.
We share your personal information with our data processors and other service providers, partners, or contractors only in connection with the services they perform for us, in line with the services we provide you to which you have consented to. Your personal information is also shared between and among AND Solutions and our current and future parents, affiliates, subsidiaries, and other companies under common control or ownership. Any sharing of your personal information with the aforestated parties shall be covered by the appropriate Data Sharing or Outsourcing Agreement, as the case may be.
Moreover, we may share or disclose your personal information for the following business and legal purposes:
- To enforce any of our contracts with you;
- If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order);
- In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
- As we believe reasonably appropriate to protect the rights, privacy, safety, or property of yourself, AND Solutions, our partners, and others; or
- For any other notified purpose with your consent.
We may collect, use, and share your personal information in an aggregated, de-identified, or anonymized manner for any purpose permitted under applicable law. This includes creating or using aggregated, de-identified, or anonymized data based on the collected information to develop new services and to facilitate research.
Further, we do not sell or rent personal information that we collect.
We do not retain personal information longer than necessary to fulfill the purposes for which it was collected and used, as described in this policy unless a longer retention period is required or permitted under applicable law.
Upon expiration of such period, all physical and electronic copies of your personal information will be destroyed and disposed of using a fully secured technology or process.
We may retain some of your personal information and data related to your use of our services even after you stop using an application. However, your information will only be processed as required by law or in accordance with this policy.
The personal data that you have provided shall belong solely and exclusively to you. As such, you are permitted to remove or delete the data, either in full or any portion.
In the event you desire to remove or delete all or any portion of the data belonging to you, kindly request/ inform us in writing through email. Upon receipt of such written request, we will promptly act upon your request and notify you of the same. We will not retain any copies of such data on our server or in any other place within our control.
In this regard, we warrant that we cannot access such deleted material at any point in time. Any contact, information or access that we had towards such data will cease. However, certain portions of your data, which we had maintained on our servers, may remain either in backups or in log files. These are maintained only for the specific purpose of backup or to provide service to you in the event of any malfunction or damage to our server in order to ensure continuity of our service without disruption.
We operate internationally, and as a result, will transfer the information we collect about you across international borders, including from the Philippines to Singapore or Mongolia, for processing and storage.
We will take reasonable steps to ensure that your personal information is handled securely in accordance with applicable data protection laws and this policy.
We use industry-standard physical and digital security to protect your personal information that we collect, including:
- End-to-end encryption of data in transmission to prevent unauthorized access or modification;
- Strict internal controls and logging of access;
- Periodically review our procedures and continuously improve our systems for managing and securing personal information.