Privacy Policy
Last updated: January 26, 2023
I. Introduction
YUFIN endeavors to ensure compliance with the Personal Data Protection Act of 2012 (“PDPA”), the European Union’s General Data Protection Act (“GDPR”), the Philippine Data Privacy Act of 2012 (“DPA”), and all other laws relating to data privacy.
This Privacy Policy (“Policy”) set outs how your personal data may be collected, used, and/ or disclosed by us. For the purposes set out below, it may be necessary to collect, use and/or disclose personal data about your dependents, assignees, or guarantors (where applicable) as well as your personal data and such other personal data (to be collectively referred to as the “Personal Data”).
We collect Personal Data about our customers, partners, service providers and other interest groups, about the users of our website and mobile applications, and about the individuals that attend any events (including any attendees, delegates, exhibitors, speakers or invitees) organized by us (individuals about whom we collect Personal Data shall herein be referred to as “you” in this Privacy Policy).
II. About this Policy
This Privacy Policy (“Policy”) sets out the essential details relating to your Personal Data relationship with us, particularly under the PDPA, GDPR, DPA and other related laws. This shall apply to all our services and any associated Services (“Services”). It sets out how we collect your Personal Data, what Personal Data we collect, how we use it, and what rights you have in relation to our processing of your Personal Data.
For the purposes of this Policy, “Personal Data” refers to any information, whether true or not, relating to an identified or identifiable natural person.
III. YUFIN’s Role in Data Processing
Under this Policy, a “Data Controller” is an individual or entity (such as a company, public authority, agency or other body) which determines the purposes and means of the processing of your Personal Data.
A “Data Processor” is an individual or entity (such as a company, public authority, agency or other body) which processes Personal Data on behalf of the Data Controller. The terms “process” or “processing” and other similar terms have a broad meaning and include any operation concerning your Personal Data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
We are the Data Controller of the Personal Data that we hold about you and will only process the Personal Data in accordance with this Policy. We may from time to time engage third parties to facilitate the administration of this Data and the provision of our Services. When engaging such third parties, we will only disclose your Personal Data where it is necessary, and provide that they work strictly in accordance with our instructions. These third parties will not use any Personal Data for their own purposes except as permitted under any applicable law. Where appropriate, we shall also ensure that the third parties have in place appropriate technical and organizational security measures to protect your Personal Data and undertake to comply with all their obligations as a Data Processor of your Personal Data.
IV. How we collect Personal Data
Depending on the nature of your interaction with us, we use different methods to collect Personal Data from and about you, including without limitation, through:
(a) Direct Interactions
We may collect your Personal Data when you engage us for and in relation to any of our Services whether in person, in writing, orally, through our website or mobile applications, such as:
(i) When any form is completed and submitted to us with your consent in relation to any product or service offered by us, whether in hard copy or electronic copy through web or mobile applications and whether a transaction takes place or not;
(ii) In the course of any communication or exchange between you and us in relation to any product or service offered by us, including face-to-face exchanges, telephone calls, letters, fax and e-mail;
(iii) When you attend any of our Events (e.g. registration forms, subscribe to our mailing list, and photographs, videos and/or audio recordings taken by us or our representatives at our Events);
(iv) We may also collect Personal Data to comply with any Services you request, to correspond with you and/or where you submit your Personal Data to us for any other reason (whether voluntary or otherwise).
(b) Automated Interactions
We may automatically collect your Personal Data when you interact with us (e.g. via the use of our website, mobile applications or electronic communications) from cookies, or other technology deployed for the collection of statistical data. For more information on tracking, please refer to clause X below. Additionally, we may capture your image, photograph, videos, CCTV footage or recordings when you participate in our Events, request our Services or are within our premises.
(c) Third Parties
We may collect your Personal Data from third parties (e.g. employer, travel agencies or banks or other organizations with whom you have dealings with) for the purposes of providing our Services and/or in connection with our Events, including Personal Data in publicly available sources.
Where your Personal Data is collected from third parties, we will only use such Personal Data where you have provided your consent to the third party which would also cover our processing of your Personal Data, where you have provided consent directly to us for such processing, or where we have a legitimate interest to use the Personal Data in order to provide you or a third party with our Services.
If you are submitting Personal Data of another individual to us, you confirm that such Personal Data is true and correct. You further confirm that you will not provide us with any Personal Data unless you have ensured that you have obtained all necessary consents and/or have provided any required notices to the individuals. Alternatively, you may provide Personal Data to us if you have another legal justification to provide such information to us so that we can use it for the purposes and on the bases set out in this Policy.
V. What Personal Data we collect
The type and quantity of Personal Data we collect and how we use it depends on the purpose for which you provided such Personal Data. We will seek to minimise our collection to what is needed to perform each relevant function or service.
Generally, we may collect, use, process, store and transfer different kinds of Personal Data about you when you participate in our Events or engage us for our Services, including the following:
Identification information (including photographs, videos and audio recordings);
Contact information; Including Mobile number and Email address;
Business or employment information;
Payment information; Information relating to the usage of our Services and/or in connection with our Events; and
Other information you may choose to provide us.
VI. How do we use your Personal Data
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will only do so if legally permitted and where you are provided with appropriate notice.
To the extent permitted under the PDPA, we may process your Personal Data based on consent. Such consent may be express, based on your agreement to any agreement which incorporates these terms or deemed based on the circumstances by which we interact with you. We may also process your Personal Data where permitted by any exception in the relevant schedules to the PDPA.
Notwithstanding the above and where permitted under any other applicable law, and where the GDPR or DPA applies, we will generally process your Personal Data in accordance with one or more of the following:
a. it is necessary for the performance of a contract with you;
b. it is necessary in connection with a legal obligation;
c. you have provided us with consent;
d. it is necessary to establish, exercise or defend a legal claim;
e. the information is available in the public domain; and/or
f. it is necessary for our legitimate interest (or those of a third party).
The particular legitimate interest upon which we rely on includes, without limitation, the following
a. evaluating financial needs for the purposes of providing recommendations of products and services offered by us;
b. assessing and processing any application or request received by us in relation to any product or service offered by us;
c. verifying and validating identity;
d. making payments;
e. providing communication in relation to any product or service offered by us, including policy updates, changes in applicable terms or conditions, status of policy, etc;
f. administering, maintaining, managing and operating the products and services offered by us;
g. promoting the products and services offered by us;
h. conducting market research and analysis to help us improve the products or services offered by us or to develop new products or services;
i. managing our administrative and business operations;
j. facilitating our management of business or commercial risks;
k. performing or updating transactions on your account;
l. maintaining the security of our premises (including the use of security cameras);
m. provision of training to our employees or financial adviser representatives;
n. facilitating any business transactions, including corporate restructuring, mergers, acquisitions, or asset disposals;
o. in the course of legal proceedings;
p. investigating or addressing feedback or complaints received;
q. reporting, preventing, detecting and investigating potential unlawful or improper activity, including suspicious transactions, fraud and money-laundering;
r. delivery or mailing of certificates, correspondence, statements, invoices, reports or notices to you which may disclose certain personal data about you on the envelopes/mail packages;
s. Recruitment;
t. organisation of functions, seminars, and contests and communications with you on the same;
u. ensuring compliance with applicable foreign and domestic laws and regulations, codes of practice and/ or guidelines including disclosure to any stock exchange and any applicable treaty or agreement applicable to us;
v. attending to regulatory or audit enquiries;
w. assisting in regulatory investigations or law enforcement;
x. complying with YUFIN group policies and procedures and any other purposes directly relating to the administering and/or managing your relationship, account and/or policy(ies) with us;
y. to perform our obligations in the course of providing our Services or in connection to one of our Events;
z. to manage our relationship with you and facilitate the provision of our Services;
aa. to monitor, analyse and protect our business, including the activities of individuals at our Events or in the provision of Services;
bb. to facilitate our internal business operations;
cc. to comply with any requests from you; dd. to personalize your customer experience, develop our business and/or improve on our Services.
Please note that if you choose not to provide us with your Personal Data or choose not to consent to our processing of your Personal Data, we may not be able to provide some or all our Services to you or respond to your other requests.
These purposes may continue to apply even in situations where your relationship with us has been terminated or altered in any way. In such cases, we may still retain personal data relating to you and use or disclose such information for legal or business purposes, including for compliance with the PDPA, GDPR, DPA and/or other applicable laws.
VII. Disclosing your Personal Data
We may disclose your Personal Data to third parties, from time to time, but will only transfer such Personal Data in these circumstances where we are satisfied that it will be subject to an appropriate level of protection and in accordance with any safeguards that may be legally required. Some of these parties may include:
a. Prospective or actual business partners, investors, assignees or transferees;
b. Our representatives;
c. Financial advisers, agents, brokers, or affinity partners who distribute or promote our products;
d. Agents, contractors or third party service providers we have engaged;
e. Agents, contractors or third party service providers we have engaged to provide such services as marketing and research, communications, telecommunications, telemarketing, customer servicing, information technology, data entry or processing, printing, dispatch, mail distribution, payment, training, data storage or archival, disaster recovery and business continuity;
f. Banks, CPF agent banks, credit card companies and their respective service providers;
g. Our insurers or reinsurers;
h. Our professional advisers, including auditors and legal advisers;
i. Credit Bureau (Singapore, Philippines);
j. Debt collection agencies;
k. Your family, relatives, appointed administrator(s) or executor(s) of your estate or affairs and their professional advisers;
l. Foreign or domestic regulators or law enforcement agencies, including the Police, Corrupt Practices Investigation Bureau, Singapore Customs, Monetary Authority of Singapore, Central Provident Fund Board , Inland Revenue Authority of Singapore, Land Transport Authority, Ministry of Manpower and Ministry of Health; BSP, Department of Finance, Republic of the Philippines, other government agencies in the Philippines.
m. Any party to a dispute before (and including) a court of law, tribunal, arbitrator or dispute resolution center such as the Financial Industry Disputes Resolution Centre;
n. Any party you authorise us to disclose the Personal Data to;
VIII. Data Protection and Retention
(a) Protection and Security
As part of our commitment to protecting your privacy, we implement appropriate technical and organization measures to protect your Personal Data against accidental, unauthorized or unlawful use, disclosure, access, destruction, loss, change or damage. Some of the measures we have taken include pseudonymization, encryption, limited access and robust retention policies. Nevertheless, do note that while we will endeavor to take all reasonable measures to protect your Personal Data, you should similarly take all necessary precautions, such as implementing strong passwords, limiting access to your computer and avoiding misplacing any documents or access passes.
(b) Retention
We keep your Personal Data only for as long as necessary to provide you with the Services, to fulfill our processing purposes, in accordance with our legal obligations and for legitimate business purposes.
The retention period for your Personal Data may vary based on the specific circumstances. Nevertheless, in determining the appropriate period to lawfully retain your Personal Data, we will consider inter alia, the:
(i) amount, nature and sensitivity of Personal Data;
(ii) purposes for which Personal Data is retained;
(iii) appropriate security measures and, if any, relevant technical constraints; and
(iv) applicable legal requirements.
Kindly note that if you request that we stop sending you marketing materials, we may keep a record of your contact details and appropriate information to enable us to comply with your request not to be contacted by us. In such instances, we will endeavor to retain only minimal Personal Data to effect the above.
Nonetheless, if you withdraw your consent (where we rely on consent as our legal basis) or object to our processing of your Personal Data, you may at any time request that we erase or delete your Personal Data. Please note that any withdrawals of consents are subject to there being no legal or contractual restrictions preventing you from doing so.
Upon receipt of such request, we shall, within a reasonable time, delete or anonymize your Personal Data unless we are legally permitted or required to retain such Personal Data (e.g. ongoing dispute, tax or obligations, accounting purposes, compliance with any legal obligations).
Please note that the withdrawal of certain consents may result in our inability to continue to provide certain products or services or in the termination of a contract or contracts entered into with us, and we hereby reserve our rights in such event.
IX. Transfer to other countries
In the provision of our Services, the Personal Data we collect may be transferred to and processed by third parties in other countries. In all such instances, we shall ensure that the transfer of your Personal Data is carried out in accordance with any applicable laws and that appropriate safeguards (e.g. contractual, technical and organizational measures) are put in place before such transfer takes place.
X. Tracking and Online Applications
(a) Tracking
Our website and applications use cookies and other tracking and analytics tools in order to facilitate your experience when accessing or using any of our online sites or apps.
Our cookies may be session cookies (temporary cookies that identify and/or track users within our websites, applications, or systems which are deleted when you close your browser or leave your session in the application, or system) or persistent cookies (cookies which enable our websites, applications, or systems to “remember” who you are and to remember your preferences within our websites, applications, or systems and which may stay on your computer or device after you close your browser or leave your session in the application or system).
We use cookies, session data, and event data which are necessary for the functioning, operation, and optimization of our websites, applications, and systems. In addition, we may also use these to track, record and analyze data in relation to the activity on our website or applications (e.g. traffic and volume, usage statistics, operating system, referral source, or device information), or that allow us to recognize you whenever you return to our website for us to customize your browsing experience based on your preferences.
Please note that if you choose not to receive cookies or have your interactions tracked by our tools, you may still continue to use our applications, although we may not be able to provide you with their full functionality or access.
(b) Websites
On our website, we may, from time to time, display advertisements or provide links to third party websites. In these instances, kindly note that we cannot be held responsible or liable for the privacy practices and policies of the third party. As such, please read the privacy policies of such third parties to find out how they process and collect your Personal Data.
(c) Mobile Applications
On our mobile applications, we may, from time to time, display advertisements or provide links to third party websites or mobile applications. In these instances, kindly note that we cannot be held responsible or liable for the privacy practices and policies of a third party. As such, please read the privacy policies of such third parties to find out how they process and collect your Personal Data.
XI. How to Access and Control Your Personal Data
Individuals are given rights in relation to their Personal Data pursuant to the applicable law. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Where we are Data Processors, we will assist the Data Controller as far as reasonably possible to help them respond to your requests.
For security reasons, kindly note that, in relation to certain rights, we may request for information to verify your identity before processing your request.
In general, the rights afforded to individuals are:
(a) Right to Access
The right to be informed of and request access to the Personal Data that we process about you. This will enable you to check what Personal Data we are processing and whether the processing is lawful. Depending on the nature of access request and/or if further copies are to be requested by the requesting party, we may charge a reasonable fee for these.
(b) Right of Correction/Rectification
The right to request that we amend or update your Personal Data where it is inaccurate or incomplete. Kindly note that while we shall make a reasonable effort to ensure that the Personal Data we collect is accurate and complete, you are responsible for ensuring the accuracy of the Personal Data that you provide to us directly.
(c) Right to Withdrawn Consent
You have the right to withdraw your consent at any time, where consent is the legal basis of the processing of your Personal Data. Kindly note that depending on the nature and scope of your request, we may not be in a position to continue performing our obligations in the course of or in connection with the Event to you.
For individuals covered by the GDPR, DPA or other applicable laws, they also have the following rights (as available and subject to any applicable law):
(d) Right to Erasure
The right to request that we temporarily or permanently stop processing all or some of your Personal Data.
(e) Right to Object
The right to object to your Personal Data being processed by us for direct marketing purposes, or to, at any time, object to us processing your Personal Data on grounds relating to your particular situation
(f) Right to Data Portability
The right to request a copy of your Personal Data in electronic format and the right to transmit that Personal Data for use in another party’s service.
(g) Right not to be subject to Automated Decision-making
The right to not be subject to a decision based solely on automated decision-making where the decision would have a legal effect on you or produce a similarly significant effect.
If we send you electronic marketing messages based on your consent or as otherwise permitted by applicable law, you may, at any time, respectively withdraw such consent or declare your objection at no cost. The electronic marketing messages you receive from us will also include an “unsubscribe” option within the message itself to enable you to manage your Personal Data. Please note that if you opt-out of receiving direct marketing materials, we may still send you non-promotional messages, such as receipts or information about the Services we are providing to you.
Additionally, you have the right at any time to lodge a complaint with your local Data Protection Authority if you are unhappy with the way in which we are using your Personal Data.
In order to enable you to exercise these rights with ease and to record your preferences in relation to how we use your Personal Data, you may manage your privacy preferences at any time by contacting YUFIN.
XII. Changes to this Policy
Kindly note that from time to time, we may amend the terms of this Policy in order to respond to changes in any applicable law or where we develop or offer new Services. Where the terms of this Policy change, we will provide you with notice as appropriate under the circumstances, including by displaying the notice within our website or by sending you an email. Additionally, you may also wish to refer to the “last modified” date at the end of this Policy.
To the extent permitted under applicable law, by engaging us for our Services after such notice, you consent to our updates to this Policy.
XIII. Contact Us
If you have any complaints or questions about your privacy, your privacy rights, or how to exercise them, please feel free to contact YUFIN through its Data Protection Officer whose contact details are as follows:
GERALD CHUA
Data Protection Officer
#614, Felcris Centrale, 40-D Quimpo Blvd, Talomo, Davao City, 8000 Davao del Sur
We will respond to your request within a reasonable period of time upon verification of your identity (if applicable).
Appendix 1
Marketing Promotion example: interactive gamification
From time to time, yufin users may opt-in to submit assets like phrases, buzz words, photographs (for example, selfies) that would be scored on specific attributes by a mix of Yufin staff and AI models, for a fun interaction.
These assets, for example photographs, are permanently deleted every month and are not stored on any storage device by Yufin beyond this time period. Winners of such gamifications and contests will be announced on social media and also agree to have their winning entries published on social media. To the maximum extent permitted by applicable law, Yufin reserves the right, at its sole discretion to amend, withdraw or revise these terms and conditions and the rewards at any time without prior notice and in such event, Yufin shall not have any liability whatsoever.
Last modified: January 26, 2023