Privacy Policy

FINGERTIP FINANCE CORP. (formerly Fingertip Lending Corp.) doing business under the name and style of Big Loan (Fingertip) is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by FINGERTIP about its current, past, and prospective clients and employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed.

This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out FINGERTIP's data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

This Data Privacy Notice and Consent Form may be amended at any time without prior notice, and such amendments will be notified to you via FINGERTIP's website or by email.

FINGERTIP collects, stores, and processes personal data from its current, past and prospective clients and employees, starting with the information provided at application and to information collected throughout the whole course of the transaction by the client or in the course of their employment or engagement by the employee or consultant with FINGERTIP and its affiliates and/or subsidiaries. This will include but not limited to the following:

FINGERTIP may also collect, store, and process personal data and information of persons in the data subject's contact list in his or her mobile device, whom he or she nominated as her reference and/or guarantor, for proper identification and verification of data subject's identity, fraud prevention, credit scoring and credit verification to establish credit worthiness of the data subject, and compliance to the Anti-Money Laundering and Terrorist Prevention Laws of the Republic of The Philippines. The disclosing data subject may be requested to give consent in sharing the personal data of those persons in his contact list, and may include but not limited to personal data such as name, mobile number, relationship with the disclosing data subject, residence and email address, and employment details. For this, it is the obligation of the disclosing data subject to inform the nominated reference and/or guarantor and obtain the appropriate consent of the latter.

Relative to the immediately preceding paragraph, data subject is also informed that FINGERTIP may make and manage phone calls for proper identification and verification of data subject's identity, fraud prevention, credit scoring and credit verification to establish credit worthiness of the data subject, compliance to the Anti-Money Laundering Laws of the Republic of The Philippines, and enhance user experience of data subjects.

Furthermore, data subjects may also allow FINGERTIP to access the mobile devices location for purposes of fraud prevention and detection, compliance to the Anti-Money Laundering and Terrorist Prevention Laws of the Republic of The Philippines, and enhancement of user experience of data subjects.

The information we collect will include but not limited to:

For FINGERTIP Clients

• Contact information, such as, name, addresses, telephone numbers, email addresses and other contact details;
• Personal information, such as date and place of birth, nationality, immigration status, religion, civil status, company ID, government-issued IDs, web information, recommendations and assessment forms from present and previous employees, etc.
• Demographic and lifestyle information of the client;
• Disclosures on family background, including information on parents, guardians, siblings, related FINGERTIP stockholders, directors, and/or employees, etc.
• Photographic and biometric data, such as, photos, CCTV videos, fingerprints, handwriting and signature specimens
• Employment Records, educational data, including data gathered using third party online tools or sourced from third party service providers;
• Financial data including but not limited to the disclosures from BAP, NFIS, CIC and other credit unions or reporting agencies, and/or transaction records/history with banks and/or other financial institutions;
• Contact information of the client's reference and/or guarantor. The data to be collected shall include but not limited to the following: including but not limited to the following personal data: name, address, phone numbers, email, employment, and his/her connection with the client;
• Information FINGERTIP receives when making a decision about the data subject; data subject's loan or application (including information collected from credit bureaus or other sources); details of the loans the data subject have and have had with us and all transactions; details of when the data subject contacted FINGERTIP and when the latter contacted the data subject; mobile device data and access (such as SIM, IMEI, device ID or other device identifiers, type of device, device operating system, device settings, user account information for data subject's mobile device, or mobile app store account, information about mobile network provider, device specifications); social media account details, geolocation data (such as mobile device location, time zone setting); phone data (such as contact lists (for App Store iOS device only), metadata, SMS metadata, types and nature of mobile applications found or installed on data subject's mobile device); mobile app usage data (such as traffic volume, mobile app usage) and telecommunications usage data or "telco usage score," and any other information which FINGERTIP reasonably need to make decisions about the data subject's loan application or fulfil regulatory obligations.
• Relevant data on Client's Social Media Account/s (i.e., Facebook or Instragram), subject to the appropriate privacy restrictions;
• Relevant and limited Bank Account details of the clients, to facilitate disbursement, to authorize digital payments or auto-debit arrangements;
• Other personal and/or sensitive personal information, which was disclosed to FINGERTIP through the transaction;

FINGERTIP shall collect information about the data subject in the following ways:

1. Information that the data subject provided FINGERTIP through communications with FINGERTIP employees or its mobile and/or website application;

2. Information that the data subject authorized FINGERTIP to collect through its applications, such as photographs obtained via access to data subject's smartphone camera or photo gallery, phone, email, or social media contact lists and metadata for the purpose of KYC and preventing fraud, or credit scoring and/or verification;

3. Information from the affiliates and authorized partners of FINGERTIP (Digido Finance Corp. and its Online Lending Platforms- Digido, UnaPay and UnaCash). Appropriate Data Sharing Agreement between FINGERTIP and the affiliate/s and authorized partner/s has been executed ensuring that all shared personal information comply with applicable privacy laws and data protection regulations.

4. Information from outside sources such as credit bureaus and customer service providers to help us with customer verification and credit-related decisions.

For Clients

The collected personal data is used solely for the following purposes:

1. Processing of credit application of client and confirmation of the identity of prospective client and their reference or guarantors;

2. Processing of credit application, including verification and confirmation of all disclosed personal and sensitive information.;

3. Conduct of the 'Know Your Client' exercises to establish and verify the identity of the prospective client, prevent and/or detect possible attempts to commit fraud and other related criminal offenses, credit scoring, credit verification, and comply with the regulations of the Anti-Money Laundering Council;

4. Conduct credit checking and other verification procedures with the nominated Character References, subject to the provisions of the application regulations of the National Privacy Commission;

5. Analyze disclosed personal data of the data subjects and data subject's reference or guarantor/s, to be able to craft products and services tailored the needs and requirements of the data subjects;

6. Verifying authenticity of financial and personal records and documents;

7. Analysis, validation and evaluation of the financial documents, to establish credit worthiness of the client and determine potential risks. This includes sharing of client's personal data and sensitive personal information to Third-Party Service Providers (TPSPs) such as JuicyScore (https://score.jcsc.online/), ID Meta, and Finscore, for risk profiling, risk scoring, identity verification and validation, and fraud detection and/or prevention, using automated-identity verification systems. TPSP such as JuicyScore uses these shared personal data and sensitive personal information, for and in behalf of FINGERTIP, only for the purposes specified in the Service Level Agreement and as described herein, to which the existing and prospective clients' consents. JuicyScore, Finscore, and all other TPSPs FINGERTIP contracted to process personal data and/or sensitive personal information shall not keep, retain, and/or maintain FINGERTIP's existing and prospective client's personal data or sensitive personal information FINGERTIP shared to them;

8. Facilitate and complete the transaction applied, share it within our group of companies and offer the clients products suitable or relevant to their requirements and/or profile;

9. Protect personal information and sensitive personal information disclosed to secure accounts from fraud and other illegal activities;

10.Perform legal and regulatory duties to further improve due diligence in anti-money laundering and counter-terrorism efforts as well as other mandatory and required activities by the law or regulations by our supervising agencies;

11. Settle claims or disputes involving FINGERTIP's products and services. The personal data or sensitive personal information may also be used for prosecuting or defending FINGERTIP or its employees when needed;

12. Store collected personal data in a secured onsite and/or cloud storage, within the allowed retention period set by the law;

13. Share or disclose personal data and/or sensitive personal information to third-party service provider, as may be required by law, regulation, or by a court order;

All personal data and information collected and/or were disclosed by the data subjects by reason of their application, transaction, and/or any interaction with the Corporation will be uploaded and stored on our servers and will not be shared with any third party.

FINGERTIP will not share your personal data with third parties unless necessary for the above-mentioned purposes and unless you give your consent thereto.  Such third parties may include FINGERTIP's business units, subsidiaries, affiliates, agents, outsourced service providers and other third parties for marketing and related activities, enhance customer experience, enhance security and anti-fraud efforts, strengthen AML and Data Privacy Protocols between the data subjects and partner-merchants, and to upgrade but simplify and unify KYC Processes between and platform users.

FINGERTIP engages outsourced service providers to support it in delivering services to its data subjects.  FINGERTIP's third parties include government regulators, judicial, supervisory bodies, tax authorities or courts of competent jurisdiction.  FINGERTIP engages third parties for the following reasons:

• Verify data subject's personal information
• Assist in business operations
• Comply with legal requirements
• Enforcing FINGERTIP's terms of use including, among others, its rights as creditor to customers availing of our loan or credit products, or such other applicable policies with respect to the services that we provide
• Addressing fraud, security or technical issues, to respond to an emergency or otherwise protect the rights, property or security of our customers or third parties
• Carrying out all other purposes set out above

Personal data shared with third parties shall be covered by the appropriate agreement to ensure that all personal data is adequately safeguarded. Personal data and sensitive personal information shared to third parties outside the Philippines or those involving cross-border transfers shall comply with the principles of Proportionality, Transparency, and Legitimate Use. Appropriate technical, organizational, and physical security measures shall be embodied in the appropriate agreement, and it shall be implemented and respected, regardless of the law of the jurisdiction where the third party is located or operating.

FINGERTIP does not, will not, sell personal data to any third party.  All our engagements with third parties shall be fully-compliant with our obligation of confidentiality imposed on us under applicable agreements and/or terms and conditions or any applicable laws that govern our relationship with you.

Personal data under the custody of FINGERTIP shall be disclosed only to authorized recipients of such data. Otherwise, we will share your personal data with third parties only with your consent, or when required or permitted by our policies and applicable law.

Where FINGERTIP consider it necessary, indispensable or appropriate, for the purposes of data storage, enhanced security, account processing, providing any service or product on our behalf to you, or implementing new or enhanced system for our products and services, we may transfer the custody of your personal data to third parties within or outside of the Philippines, under conditions of confidentiality and similar levels of security safeguards.

FINGERTIP strictly enforces data privacy and information security policies.  It implements technological, organizational and physical security measures to protect your personal data against loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.  We put safeguards such as the following:

• We keep and protect data using a secured server behind a firewall, deploying encryption on computing devices and physical security controls
• We restrict access to your personal data only to qualified and authorized personnel who hold your personal data with strict confidentiality
• We train our employees to properly handle your data and
• We require our third parties to protect personal data aligned with our own security standards.

We continue to implement organizational, administrative, technical, and physical security measures to safeguard your personal data. Only authorized personnel have access to your personal data, the exchange of which is facilitated through internal shared servers, email, and paper files.

Should third parties need access to your personal data, we require some form of data sharing agreement with them, in compliance with the DPA and the DPA-IRR.

The hard copy of the documents submitted to FINGERTIP and its digital files are securely stored: employing physical security in its principal place of business to safeguard the paper files and technical security to protect the digital files.

FINGERTIP stores personal data and sensitive personal information in a data center (on premise and cloud) and physical document storage facilities.

It retains personal data only according to its operational needs and in compliance with legal and regulatory purposes or requirements.  FINGERTIP's data retention and disposal policy is in accordance with R.A. 9470 (National Archives of the Philippines Act) and AMLC and/or BSP regulations, if applicable.  In general, FINGERTIP shall only retain your personal data and sensitive personal information for five (5) years after the processing relevant to the purpose has been terminated.  However, FINGERTIP may retain your data when necessary to establish, exercise or defend legal claims, for legitimate business purposes, or when provided by law.

In compliance to NPC Circular No. 20-01, as amended by NPC Circular No. 2022-02, data subjects are given the option to disable features and functionalities relating to disclosure of personal data of reference and/or guarantors within the mobile app/platform, after the completion of the processes, where such personal data or information was collected. However, notwithstanding the aforementioned provisions of the law, FINGERTIP has the right to continue processing information about a person even without his consent in cases where this is necessary to protect the life, health or other vital interests of the data subject, the operator or third parties or where it is directly enshrined under Sec. 13 of the Data Privacy Act of 2012.

Data subjects should ensure that personal data submitted to FINGERTIP is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. Data subjects should inform FINGERTIP immediately of any change of facts or circumstances which may render any personal data or information previously provided inaccurate, untrue, or incorrect and provide any information or documentation FINGERTIP may reasonably require for the purposes of verifying the accuracy of the updated information or personal data.

FINGERTIP strongly encourage data subjects to be vigilant in protecting your personal data by ensuring that their account details, PINs, username and password are secured and not disclosed to others or written somewhere accessible to others.  FINGERTIP advises the data subjects to exercise caution in protecting themselves against phishing, skimming and other electronic fraud and to remain alert for suspicious-looking offers, pretending or representing from the Corporation. FINGERTIP advises its clients that FINGERTIP will only communicate through its official channels and applications.

Under the Data Privacy Act, data subjects have the following rights:

1. Right to be informed

Borrowers have the right to be informed about how their personal data is collected, used, stored, and shared by Fingertip Finance Corp. This information is made available through our Privacy Policy and can also be requested directly from our Data Protection Officer (DPO).

2. Right to object

Borrowers may object to the processing of their personal data, especially if it is being used for direct marketing, profiling, or automated decision-making. Requests to object may be submitted in writing, and Fingertip Finance Corp. will review and respond in accordance with applicable laws.

3. Right to access

Borrowers have the right to request and obtain a copy of the personal data that Fingertip Finance Corp. holds about them. They can do so by contacting the DPO and completing a data access request form for verification and processing.

4. Right to rectify or correct erroneous data

Borrowers may request correction or updating of any inaccurate or incomplete personal data in our records. Requests must include sufficient documentation to support the requested changes, which will be validated and updated accordingly.

5. Right to erase or block

Borrowers can request the deletion or blocking of their personal data if it is no longer necessary, unlawfully processed, or upon withdrawal of consent. Fingertip Finance Corp. will assess each request based on legal grounds and respond within the prescribed timeframe.

6. Right to secure data portability

Borrowers may request to receive their personal data in a structured, commonly used, and machine-readable format, or have it transmitted to another data controller. Such requests can be made in writing and will be processed after verifying the borrower’s identity and the validity of the request.

7. Right to be indemnified for damages

Borrowers who suffer damages due to the unlawful processing of their personal data have the right to claim compensation. Fingertip Finance Corp. takes such matters seriously and will investigate all claims in accordance with the law.

8. Right to file a complaint

Borrowers may file a complaint with Fingertip Finance Corp. or directly with the National Privacy Commission (NPC) if they believe their data privacy rights have been violated. Complaints can be submitted via email, our website, or in writing to our DPO for prompt resolution. FINGERTIP’s decisions to provide access, consider requests for correction or erasure, and address objection to process data as it appears in its official records, are always subject to applicable internal policies, relevant laws and regulation.

The Borrower agrees that FINGERTIP, directly or through its Partners, may collect, retrieve, process, use and store his/her personal data such as name, age, photographs, fingerprints, other biometric data (e.g., facial recognition and voice recognition), mobile number/s, mobile phone usage data, employment details, income, financial data, financial profile, credit standing, loan payment history, and other information required in the application form for the purpose of reviewing and processing the Borrower's loan application. The Borrower consents to the collection of his/her personal data from the Borrower her/himself, or from other personal information controllers such as, but not limited to, telecommunications companies (e.g., Globe, PLDT, Smart, Sun Cellular), for credit scoring purposes. The Borrower's personal data such as mobile number, email address, and address, will be shared to a credit scoring service provider for credit investigation, credit scoring, data analytics, and data profiling, which includes the regular updating of the Borrower's credit score. The personal data secured may also be used for direct marketing of products and services of Partners of the FINGERTIP. Throughout the processing of the Borrower's personal data, his/her rights under the Data Privacy Act of 2012, such as the (1) right to be informed, (2) right to object, (3) right to access, (4) right to rectification, (5) right to erasure or blocking, and (6) right to damages, shall be upheld. Entities to whom FINGERTIP share Borrower's personal data will also respect the same rights.

For further inquiries or complaints, please get in touch with us at 09171454094 or e-mail us at dpo@bigloan.com.ph.

FINGERTIP may amend this Data Privacy Notice in whole or in part to ensure that it is consistent with industry trends, legal and regulatory requirements applicable to how we handle your personal data and to ensure better protection of your personal data or information.  Relevant updates will be posted on this site.

Consent

The submission of personal data and information by the data subject to FINGERTIP signifies that he or she have read and understood the above Privacy Notice and expressly agree and give his or he consent to the processing of his or her personal and/or sensitive personal information in the manner and for the purpose provided in this Notice.  The data subject understands and accepts that this will include access to personal data and records submitted, which may be regarded as personal and/or sensitive personal data as provided under the Data Privacy Act of 2012.

FINGERTIP is also authorized to disclose the data subject's data to accredited/affiliated third parties or independent/non-affiliated third parties, whether local or foreign, in the following circumstances:

• As necessary for the proper execution of processes related to the declared purpose;
• The use or disclosure is reasonably necessary, required or authorized by or under law; and
• Provided security systems are employed to protect the personal data or information;

Consenting to this Privacy Notice, however, does not waive any of the data subject's rights under the Data Privacy Act of 2012.

For complete reference on the Data Privacy Act, please visit the National Privacy Commission website at  https://www.privacy.gov.ph/.