Privacy Policy

Last Updated: August 12, 2022 | Last Reviewed: August 12, 2022

PJ Lhuillier Incorporated (“us”, “we”, “our”, the “Company”) is a corporation duly organized under the laws of the Republic of the Philippines. We provide you (“you”, “your”), through our technology, our third-party licensors, or our service providers, payment and disbursement services (“Services”), and in doing so we process personal data (“Personal Data”) about you – our Clients, their representative/s, or their customers (collectively, “Data Subjects”) – in accordance with the Data Privacy Act of 2012, its Implementing Rules and Regulations, and the issuances of the National Privacy Commission (“Privacy Laws”).

This Privacy Policy (“Policy”) shall govern our processing of your Personal Data. Before you use our Services, please read this Policy carefully and thoroughly. BY CLICKING OR CHECKING “SIGN UP”, “I AGREE TO PERAPAL’S PRIVACY POLICY”, “I AGREE AND CONSENT TO THE COLLECTION, USE, DISCLOSURE, STORAGE, TRANSFER AND/OR PROCESSING OF MY PERSONAL DATA FOR THE PURPOSE STATED IN, AND UNDER THE TERMS OF, PERAPAL’S PRIVACY POLICY” OR SIMILAR STATEMENTS AVAILABLE AT THE PERAPAL REGISTRATION PAGE OR IN THE COURSE OF PROVIDING YOU WITH THE SERVICES OR ACCESS THERETO, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THE TERMS OF THIS POLICY AND THAT YOU HAVE AGREED AND CONSENTED TO THE COLLECTION, USE, DISCLOSURE, STORAGE, TRANSFER AND/OR PROCESSING OF YOUR PERSONAL DATA AS DESCRIBED AND UNDER THE TERMS HEREIN.

 

    1.        OVERVIEW AND APPLICABILITY

 

The Personal Data we collect depends on how our Services are used. We may receive Personal Data directly from Data Subjects, such as when they create an account in PeraPal, when they request from us information about our Services via email or through other means of communication. Other times, we collect Personal Data by recording interactions with our Services.

 

    2.        PERSONAL DATA WE COLLECT

 

“Personal Data” refers to any data that identifies, or that could reasonably be used to identify, a Data Subject as an individual. We collect Personal Data in different ways. For example, we collect Personal Data when a business registers for an account, or a Customer makes payments or conducts transactions through our Services. We may likewise collect Personal Data from the identification documents our Clients submit to us when we perform our Know-Your- Customer (KYC) and Customer Due Diligence (CDD) vetting of Our clients prior to establishment of our business relationship with them. We may also receive Personal Data from other sources, such as our partners, financial service providers, identity verification services, and publicly available sources. For clarity, Personal Data does not include data that has been aggregated or made anonymous such that it can no longer be reasonably associated with a specific person. The Personal Data that We may collect includes:

 

  1. Full names of Data Subjects
  2. Contact details, such as name, address, telephone number, email address;
  3. Financial and transactional Information, such as credit or debit card number, and bank account information; and
  4. Date and Place of Birth, Government-issued identifiers (e.g. Tax Identification Number, SSS Number, Passport Data, among others) which we collect and process for us to perform our obligations under applicable anti-money laundering and countering terrorist financing regulations, and such other applicable laws and regulations, and to perform our contractual commitments with our Payment Channel Partners.

 

In using any of our Services, we also collect and gather other Personal Data through a variety of sources. Among the sources for said Personal Data are our technologies that record the use of our Services supported by our website, websites that implement our Services, and the use of our Services generally. Other Personal Data that we may collect include:

  1. Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the version of the Services the Data Subjects are using are using;
  2. Transaction data, such as purchases, purchase amount, date of purchase, and payment method; and
  3. Cookie and tracking technology data, such as time spent on the Services, pages visited, language preferences, and other anonymous traffic data.

 

A part or the whole of the Services may be performed by third-party licensors and/or service providers such as Xendit.

  1. Where part or the whole of the Services are performed by Xendit, the processing of the Data Subject’s Personal Data shall be governed by Xendit’s Privacy Policy which can be accessed at <insert link>. In using or availing of such part or the whole of the Services performed by Xendit, you agree to be bound by Xendit’s Privacy Policy.

 

    3.        HOW WE USE AND PROCESS PERSONAL DATA

 

We use and process Personal Data to: (i) provide the Services; (ii) detect and prevent fraud; (iii) mitigate financial loss or other harm to Clients, their Customers and the Company, and our third-party licensors;  (iv) promote, analyze and improve our products, systems, and tools; and (v) complete reports to be submitted to regulatory agencies.

 

We also use and process Personal Data for the following purposes:

  1. To verify an identity for compliance purposes;
  2. To evaluate an application to use our Services;
  3. To facilitate your registration and account sign-up;
  4. To conduct manual or systematic monitoring for fraud and other harmful activity;
  5. To respond to inquiries, send service notices and provide customer support;
  6. To process a payment using our Services, communicate regarding a payment, and provide related customer service;
  7. For audits, regulatory purposes, and compliance with industry standards;
  8. To develop new products;
  9. To communicate with our clients through the means of communication or contact details provided;
  10. To assist you in your use of the Services;
  11. To send direct marketing communications for our other products, services, promotions, or events, or that of our affiliates;
  12. To send our our newsletters;
  13. To improve or modify our Services; and
  14. To conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of, our business.

 

    4.        HOW WE DISCLOSE PERSONAL DATA

 

We do not sell or rent Personal Data to marketers or unaffiliated third parties. We share Data with trusted third parties, including:

  1. To Affiliates. We share Data with our affiliates and subsidiaries to provide our Services, or otherwise improve our Services;
  2. To Third-Party Licensors. As part or the whole of the Services may be provided to you through our third-party licensors, Personal Data may be shared to them in order to provide the Services.
  3. To Service Providers. We share Personal Data with service providers who help us provide the Services. Service providers, which include Payment Channel Partners, help us with things like payment processing, website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, and auditing;
  4. To Our Clients. We share Personal Data with our Clients as necessary to process payments or provide the Services. For example, we share Personal Data with Clients about purchases made or services availed of, and paid by their Customers through the Services;
  5. To Authorized Third Parties. We share Personal Data with parties directly authorized by a Client to receive Personal Data, such as when a Client authorizes a third-party application provider to access the Client’s account. The use of Personal Data by an authorized third party is always subject to said Third Party’s Privacy Policy;
  6. To Other Third Parties. We will share Personal Data with third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings); and
  7. Safety, Legal Purposes and Law Enforcement. We use and disclose Personal Data as we believe necessary: (i) under applicable law, or payment method rules; (ii) to enforce our Terms and Conditions for the provision of the Services; (iii) to protect our rights, privacy, safety or property, and/or that of our affiliates, and the Data Subjects; and (iv) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include authorities outside of our Data Subjects’ country of residence.

 

    5.        SECURITY

 

We implement  reasonable organizational, technical and administrative measures to protect Personal Data within our organization. Should You have reason to believe that our processing of Personal Data is no longer secure, please contact us immediately.

 

    6.        EXERCISE OF DATA SUBJECTS’ RIGHTS

We recognize and acknowledge Data Subjects’ rights guaranteed under Philippine’s Privacy Laws:

  1. Right to be informed. The Data Subject has a right to be informed whether Personal Data pertaining to them shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
  2. Right to object. The Data Subject has the right to object to the processing of their Personal Data, including processing for direct marketing, automated processing or profiling. Should the Data Subjects no longer want to receive marketing-related emails or communications from us on a going-forward basis, the Data Subjects may opt-out via the unsubscribe link included in such emails or communications, or by directly contacting us. We will try to comply with your request(s) as soon as reasonably practicable.
  3. Right to Access. The Data Subject has a right to be given access to specific kinds of information identified in the Data Privacy Act upon reasonable demand. You may request information about your Personal Data which We have collected, or inquire about the ways in which your Personal Data may have been used, disclosed, stored, or processed by us within the past year. In order to facilitate processing of your request, it may be necessary for us to request further information relating to your request. We reserve the right to charge a reasonable administrative fee for the retrieval of your Personal Data records. In any case, you shall be informed of the fee before any such request is processed.
  4. Right to Rectification. The Data Subject has the right to dispute the inaccuracy or error in their Personal Data and have us correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable.
  5. Right to Erasure or Blocking. The Data Subject has the right to suspend, withdraw or order the blocking, removal or destruction of their Personal Data from our filing system.
  6. Right to Lodge a Complaint with the National Privacy Commission and Right to Damages.

 

Please note that if you exercise any of your rights set out above, we may not be in a position to continue to provide the Services to you or perform on any contract we may have with you, and we will not be liable in the event that we do not continue to provide the Services to or perform our contract with you. Our legal rights and remedies are expressly reserved in such an event.

 

    7.        RETENTION PERIOD

 

We will retain Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or otherwise permitted by law. In general, as a financial institution supervised by the Bangko Sentral ng Pilipinas, we will retain Personal Data for five (5) years following the termination of the Services.

It should likewise be underscored that we have a variety of obligations to retain the Personal Data that we process , including to ensure that transactions can be appropriately processed, settled, refunded or charged-back, to help identify fraud and to comply with anti-money laundering and other laws and rules that apply to us and to our financial service providers. Accordingly, even if Clients may have terminated the Services, we will retain certain Personal Data to meet our obligations. There may also be residual Personal Data that will remain, in anonymized format, within our databases and other records, which will not be removed.

 

    8.        JURISDICTION AND CROSS-BORDER TRANSFER

 

Personal Data may be stored and processed in any country where we have operations or where we engage service providers, and we may transfer Personal Data to countries outside of the Philippines, including the United States,  Indonesia, and Singapore which may have data protection rules that are different from those of the Data Subject’s  country. However, we will take appropriate measures to ensure that any such transfers comply with applicable data protection laws and that your Data remains protected to the standards described in this Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your Personal Data.

 

    9.        THE COMPANY AS A PERSONAL INFORMATION PROCESSOR

 

We may collect, use, disclose and otherwise process certain Personal Data about customers when acting as the Client’s service provider. Our Clients are responsible for making sure that their customer’s privacy rights are respected, including ensuring appropriate disclosures about third party data collection, use and processing. To the extent that we are acting as a Client’s Personal Information Processor, we will process Personal Data only in accordance with the terms of our agreement with the Client’s and the Client’s lawful instructions.

 

 10.        CHANGES TO OUR PRIVACY POLICY

 

We may occasionally update this Policy should there be change in the way we process Personal Data consequent upon a change or improvement to any of our Services. If we modify this Policy, we will post the revised copy of it on our website, and we will also revise the “last updated date” stated above. If we make material changes in the way we use Personal Data we will notify you, where applicable, by posting an announcement on our website, by sending an e-mail, or through Instant Messaging Services or SMS. It remains the responsibility of the Data Subjects to periodically review this Policy. Your continued use of the Services after such change has been implemented shall constitute your consent to such changes.

 

 11.        HOW TO CONTACT US

 

If you have questions, feedback or concerns regarding this Policy, and your privacy please contact: [email protected]