The following section lists our Privacy Policy. As this affects your legal rights, please ensure that you familiarise yourself with this page, as well as the Terms and Conditions.

1. Introduction

Crawfort Micro Lending Technologies Philippines Inc. (the “Company”) takes our responsibilities under the Republic Act 10173 – Data Privacy Act 2012 (the “Data Privacy Act”) seriously. We recognise the importance of the personal data our customers, employees and third parties have personally entrusted to us and believe that it is our responsibility to properly manage and protect their personal data. Kindly read our latest Personal Data Protection Policy (“Privacy Policy” or “this policy”) and our Terms and Conditions, both of which are available on our website at www.crawfort.com carefully.

2. Purpose

This policy governs the collection, use and disclosure of personal data from employees, customers and third party to us and explains how we collect and handle personal data of individuals and comply with the requirements of the Data Privacy Act and its provisions. In this policy, “personal data” and “personal information” shall have the meaning ascribed to it in the Data Privacy Act.

3. Responsible

The Company’s appointed Data Protection Officer (DPO) will update this Data Protection Policy at least annually or from time to time to ensure that this Data Protection Policy is consistent with future developments, market trends and/or any changes in technology, legal or regulatory requirements.  

4. Scope

This policy covers all the activities of Crawfort Micro Lending Technologies Philippines Inc. related to Personal Data received from employees, customers and third party.

We will collect, use or disclose personal data for employment and reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes have been notified. We may also collect, use or disclose personal data if it is required or authorised under applicable laws.

Such consents are obtained from our customers via application form, signing of loan contracts or by customer’s declaration that they have read and consent to our Terms and Conditions and this policy to collect, use, retain, dispose, handle, transfer, process and/or disclose their personal data.

We obtain consent from our Employee by having them sign the consent form during either the course of their employment or the recruitment process.

6. Collection of Personal Data

6.1 Personal Data collected from Customer

6.1.1 Purpose and Scope

THIS POLICY TOGETHER WITH OUR TERMS AND CONDITIONS ARE DESIGNED TO INFORM OUR CUSTOMERS AND ASSIST THEM IN UNDERSTANDING HOW WE COLLECT, USE, RETAIN, DISPOSE, TRANSFER, DISCLOSE AND/OR PROCESS THEIR PERSONAL DATA.

We only collect personal data from our customers to enable us to understand our customer’s financial needs, assess their loan application and to comply with relevant regulatory requirements. Such personal data is provided to us in the application forms filled by our customers both online or in person, face to face interviews, email messages and telephone conversations. We will not use or disclose information collected from our customers other than the purpose made known herein or as may be necessary to comply with the applicable laws.

We will only collect, hold, process, use, communicate and/or disclose such personal data, in accordance with this policy. 

We use personal data of customers for the following purposes:

  1. For submission to Credit Information Corporation and the relevant credit bureaus (including without limitation, TransUnion Information Solutions, Inc.) to update their records and obtain the latest credit data.
  2. Assessing and evaluating our customer’s loan Application and to such extent necessary to comply with the laws of the Philippines.
  3. Understanding our customer’s financial needs and to assist us in studying, researching, customising and delivering loan packages that are of interest to our customers.
  4. To disclose them for the purposes of recovery of loans which are overdue to our customer’s “Next-of-kin”, their employer, company or office colleagues, if necessary.
  5. For debt recovery purposes, i.e. to engage any law firms, third party debt collection agencies or approved debt collector.
  6. For auditing and accounting purposes to a third party accountant or auditor.
  7. performing obligations in the course of or in connection with our provision of the goods and/or services requested by our customers.
  8. responding to, handling, and processing queries, requests, applications, complaints, and feedback from our customers.
  9. complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority.
  10. to provide analysis or valuable information so that we can improve the Service.
  11. sending your marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions.
  12. processing payment or credit transactions.
  13. verifying our customer’s identity.
  14. transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in the Philippines or abroad, for the aforementioned purposes.
  15. to provide and maintain the Service.
  16. to notify you about changes to our Service.
  17. to enable us or our appointed third party IT consultant or developer to maintain our IT infrastructure, develop software, user interface, UX, UI, algorithms and “artificial learning”.
  18. any other incidental business purposes related to or in connection with the above.

We may disclose your personal data: 

  1. where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you; or 
  2. to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in clause 6.1.1 above for us.  

The Company undertakes not to make unsolicited request for customer personal information unless the customer first initiate contact with us. We further undertake to maintain strict confidentiality standards for safeguarding your information collected from you other than for the above-mentioned purposes. 

6.1.2 Type of Personal Data Collected

Personal data are collected for the purposes mentioned hereinabove, taking into consideration the nature and sensitivity of the personal data. Our customers’ (including any beneficiaries’) personal data are strictly handled and we endeavour not to collect information that exceeds that required by law and/or information we need to process your loan contact. The Personal Data collected are: 

  1. Full Name 
  2. Personal Identification Number (Tax Identification number, Social Security System number, Government Service Insurance System number, Passport number, Philhealth ID number, PhilSys number, Driver’s License number, Postal ID number, Professional Regulation Commission (PRC) ID number, Voter’s ID number or Senior Citizen ID number) 
  3. Nationality
  4. Date and Place of Birth
  5. Sex
  6. Ethnicity
  7. Present and Permanent Residential Address 
  8. Primary and Alternative Contact Number 
  9. Marriage Status
  10. Email Address
  11. Income
  12. Employment Information
  13. Photograph
  14. Next-of-Kin contact details
  15. Place of birth
  16. Nature of work and name of employer or nature of self-employment/business
  17. Specimen Signature
  18. Source of Fund

6.2       Personal Data collected from Employees

6.2.1    Purpose and Scope

We collect personal data from our employees to enable us to understand, plan, manage, evaluate their employment suitability and performance and to terminate their service. Such personal data is provided to us in the resume filled by our employees, face to face interviews or via the Company’s preferred communication channel (The Company will inform the employees of the purposes for the collection, use and disclosure of their personal data and obtain their consent prior to the collection, use and disclosure. We will not use or disclose information collected from our employees other than the purpose made known herein or as may be necessary to comply with the applicable laws).

Such use includes:

  1. For evaluation of work performance
  2. For Social Security System or employee insurances 
  3. To apply for any work pass/visas (for foreigners)
  4. To manage certain staff schemes like training or educational subsidies
  5. For the purpose of employment such as drafting employment letter
  6. To purchase work related insurances
  7. staff directory
  8. any other employment purposes

6.2.2 Type of Personal Data Collected

The personal data will be collected for the above mentioned purposes, taking into consideration the sensitive nature of personal data. The handling of personal data is done in a strict manner and we endeavour not to collect information that exceeds that required by law or the foregoing purposes.  The Personal Data will be collected are: 

  1. Full Name 
  2. Personal Identification Number (Tax identification number, Social Security System number or Government Service Insurance System number and Passport No.) 
  3. Photograph
  4. Nationality
  5. Sex
  6. Marital status
  7. Date and Place of Birth 
  8. Home Address 
  9. Contact No. 
  10. Email Address
  11. Work experience / Employment History
  12. Curriculum Vitae
  13. Designation
  14. Bank Account

6.3 Third Party

6.3.1 Purpose and Scope

The Company may disclose your personal data to third parties to assist with the Company’s activities, the purposes made known to you herein, only when we have the individual’s consent or deemed consent or when required by law. Any such third parties whom we engage will be bound contractually to keep information confidential.

We may also disclose your personal data to our affiliates, only where is it is necessary (i) to meet the purpose for which such individual submitted the personal data; and (ii) for the purposes which the Company has made known to you herein. 

Such purpose shall include:

  1. Debt collection purposes
  2. Accounting purposes
  3. Employment purposes
  4. Legal purposes
  5. Audit purposes
  6. Any other disclosure which may be required by law
  7. Verification purposes
  8. Loan disbursement and Payment purposes
  9. Market study and research purposes
  10. Other purposes, consistent with clause 6.1.1 above  

If you provide us with any Personal Data relating to a third party (e.g. information of your spouse, children, parents, employer and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Data for the respective purposes set out in this Data Protection Policy.

Please note that if your Personal Data has been provided to us by a third party (e.g. a referrer), you should contact that organisation or individual to make such queries, complaints, and access and correction requests to us on your behalf.

7. Disclosure of Personal Data

7.1 Personal Data of Customers

7.1.1   Purpose and Scope

We do not disclose personal data of customers to third parties except when required by law, when we have the individual’s consent or deemed consent or in cases where we have engaged third parties to assist with debt recovery, getting a credit report/assessment or certain aspects of the company’s activities such as accounting and auditing functions.  Any such third parties whom we engage are bound contractually to keep all information confidential.

7.2 Personal Data of Employee 

7.2.1   Purpose and Scope

We do not disclose personal data of employees to third parties except when required by law or when we have engaged third parties to assist with Training or certain aspects of the company’s activities such as accounting, HR and auditing functions.  Any such third parties whom we engage are to keep all information confidential. When sharing personal data to a third party, we will ensure that the data is correct and the original copy of the document is used to verify the copy.

8. Access to and Correction of Personal Data

Upon request, we will process our customer’s/ third party’s/ employee’s request and provide them with access to personal data or other appropriate information on their personal data in accordance with the requirements of the Data Privacy Act, which is made known to our customers via the Terms and Conditions, this policy and in the Loan Contract. 

Upon request, we will correct an error or omission in the individual’s personal data that is in our possession or control in accordance with the requirements of the Data Privacy Act. The request will be processed within 5 working days. Should the DPO be unable to process the request within 5 working days, an interim email should be sent to notify the customer regarding the extension of time needed to process their request at any point of time before the expiry of the 5 working days.

Request for withdrawal of any consent given or deemed to have been given will be processed within 5 working days. We will inform the individual of the likely consequences of withdrawing their consent. Thereafter, we will cease (and cause any of our data intermediaries and agents, if any) collecting, using or disclosing the personal data unless it is required or authorised under applicable laws. Should the DPO be unable to process the request within 5 working days, an interim email should be sent to notify the customer regarding the extension of time needed to process their request after assessing their request before the expiry of the 5 working days. 

10. Accuracy of Personal Data

We ensure that personal data collected by us is accurate, genuine and up-to-date by verifying the data against the original relevant document or via verified sources.

11. Security and Protection of Personal Data

We have implemented generally accepted standards of technology and operational security to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal, retention or similar risks. The Company’s personnel observes a strict internal policy. Access to personal data are only given to our personnel on a necessary basis, kept to a minimum and where they have agreed to ensure confidentiality of this information.

12. Retention of Personal Data

The minimum retention period of information relating to the loan, which includes our customer’s personal data by law is 5 years after the termination of the loan. Thereafter, we will cease to retain their personal data, as soon as it is reasonable to assume that the purpose for collection of such personal data is no longer being served by such retention, and such retention is no longer necessary for legal or business purposes. 

The retention of information related to employee will be retained and will not be disposed off for review and record-keeping purposes.  

13. Transfer of Personal Data Overseas

Information, including Personal Data, may be transferred to and maintained on computers/servers located outside of the Philippines.

In the event of a transfer of data overseas, we will ensure that should there be any transfers of personal data to a territory outside of the Philippines will be in accordance with the Data Privacy Act so as to ensure a standard of protection to personal data so transferred that is comparable to the protection under the Data Privacy Act should the need arises.

If identifiable personal data need to be sent overseas, we will take appropriate steps to ensure compliance with the data protection requirements in Data Privacy Act. This includes:

  • Imposing legally enforceable obligations on the recipient to provide to the personal data transferred, a standard of protection that is comparable under the Data Privacy Act such as :
  1. Any law;
  2. Any contracts with overseas recipient that requires recipients to provide a comparable standard of protection and specifies the countries & territories to which the personal data may be transferred to; or
  3. Have binding corporate rules with overseas recipient(s) to provide a comparable standard of protection, specify the recipients, countries and territories to which the binding corporate rules apply, and the rights and obligations provided by the rules
  • Consent given after reading a written summary of the extent to which his/her personal data will be protected in the countries and territories that the personal data will be transferred to
  • The transfer is necessary for the performance of a contract between the organisation and individual / between the organisation and a third party 
  • The personal data is publicly available in the Philippines
  • Take necessary measures to ensure that personal data transferred will not be used or disclosed by the recipient for purposes other than the foregoing

14. Privacy on Our Websites

This Policy also applies to any personal data we collect via our websites. Cookies may be used on some pages of our websites. “Cookies” are small text files placed on your hard drive that assist us in providing a more customised website experience. Cookies are now used as a standard by many websites to improve users’ navigational experience. If individuals are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, a visitor may refuse a cookie and still fully navigate our websites, however other functionality in the site may be impaired. After termination of the visit to our site, a visitor can always delete the cookie from his/her system if he wishes.

15. Notification

We endeavour to notify our customers and third party of any changes to this policy 14 days in advance after which the changes will be made effective and published on our website. The communication channel will be informed via our software application / email / text / written notice, at our discretion. 

Similarly, we endeavour to notify our employees of any changes to this policy 14 days in advance after which the changes will be made effective and published on our website. The communication channel will be informed via email / text / written notice / any channels specified in our Internal Communication Management. Kindly peruse this Privacy Policy periodically for any changes. Changes to this Privacy Policy are made effective as of the Effective Date.

16. Breach

A data breach has occurred if personal information that we hold is subject to unauthorised access or disclosure or is lost. In the event of a data breach, we will assess and respond to the data breach in accordance with our applicable policies and procedures. If a data breach involves sensitive personal information or other information that may, under the circumstances, be used to enable identity fraud are reasonably believed to have been acquired by an unauthorized person; and where we reasonably believe that such data breach is likely to give rise to a real risk of serious harm to the affected individual, such as loss or harm, financial or otherwise, we will endeavour to promptly notify you of the data breach within 24 hours.

17. Service Providers

We may employ third party companies and/or individuals (“Third Parties”) to facilitate our Service to provide the Service on our behalf. Therefore, these Third Parties may have access to your Personal Data in order to carry out their duties consistent with the purposes set forth in this Privacy Policy, on our behalf and are obligated not to disclose or use it for any other purposes.

18. Data Protection Officer

If our customers believes that information we hold about him/her is incorrect or outdated, or if an individual has concerns or further queries about how we are handling his/her personal data or queries regarding the Terms and Conditions and this policy, they may contact our Data Protection Officer at dpoph@crawfort.com. Employees may contact our HR at hrph@crawfort.com.

We will collect, use or disclose personal data for employment and reasonable business purposes only if there is consent or deemed consent from the individual and information on such purposes have been notified. We may also collect, use or disclose personal data if it is required or authorised under applicable laws.

Such consents are obtained from our customers via application form, signing of loan contracts or by customer’s declaration that they have read and consent to our Terms and Conditions to collect, use, retain, dispose, handle, transfer, process and/or disclose your personal data, in accordance with this privacy. Employee – by signing consent form.