Chapter 1: General Provisions
Article 1: About This Policy
JaccsLoan (hereinafter referred to as the "App" or the "Service") is operated by VANTABLACK TECHNOLOGY CO. LTD. (hereinafter referred to as the "Company," "we," "us," or the "Platform"). We understand the value and sensitivity of personal data and are committed to handling your information with prudence, transparency, and in full compliance with applicable laws.
This Privacy Policy is designed to clearly explain to you:
- What information we collect and why
- How your information will be used, stored, and shared
- What rights you have over your data and how you can exercise them.
Article 2: Scope of Application
This Policy applies to the following channels:
- The JaccsLoan mobile application
- The official website: https://www.vantablacktech.com/
- Other online portals and digital interaction scenarios related to the Service.
Article 3: Your Consent
By using the Service, you signify that you have read, understood, and accepted all the terms of this Policy. If you do not agree to any provision of this Policy, please immediately stop using the App and related services.
Article 4: Platform Role and Responsibility Boundaries
4.1 Our Positioning
JaccsLoan is a financial technology service and loan distribution platform, focused on providing users with loan product information display, application facilitation, and process assistance services. We do not directly provide loan funds.
4.2 Partner Institution
Partner Company: JACCS Finance Philippines Corporation
Partner Company Address: 38th Floor, Robinsons Equitable Tower, ADB Avenue corner Poveda Street, Ortigas Center, 1605, Pasig City
Loan products are provided by our partner institution, which is a financing or lending company registered with the Philippine Securities and Exchange Commission (SEC) and holding a valid Certificate of Authority, falling under the category of non-bank financial institutions. Under the Lending Company Regulation Act (Republic Act No. 9474), lending companies must obtain a Certificate of Authority from the SEC before they may lawfully engage in lending business.
The partner institution is solely responsible for:
- Design, pricing, and risk management of loan products
- Borrower credit assessment and approval decisions
- Disbursement and management of loan funds
- Repayment processing and account maintenance
- Regulatory compliance and reporting.
4.3 Division of Responsibilities
We and our partner institution each perform our respective roles. Loan application information submitted by users through the Platform is, with the user's authorization, transmitted to the partner institution for review. The Platform does not participate in credit decisions nor assume legal liability as a lending entity.
Chapter 2: Collection of Personal Data
Article 5: Information You Voluntarily Submit
To complete the loan application and service connection, you may need to provide the following categories of information during your use:
5.1 Identity Information: Including your full name, date of birth, gender, nationality, information from valid government-issued identification documents (e.g., UMID, Driver's License, Passport, GSIS/SSS ID, PRC ID, Postal ID, etc.), and ID numbers, used to confirm your true identity.
5.2 Basic Personal Information: Including your educational background, marital status, number of dependents, email address, and mobile phone number, among other contact and social baseline details.
5.3 Financial and Employment Information: Including your source of income, monthly income amount, bank account details, occupation type, employer name and address, length of employment, and other financial and employment data used to assess repayment capacity.
5.4 Loan Application Information: Including the loan amount you are applying for, desired repayment term, purpose of funds, and other data directly related to this loan request.
Article 6: Device Permission Requests
To ensure service security, prevent fraud, and optimize user experience, we may, with your authorization, call upon the following device permissions:
6.1 Camera Permission
Purpose: Identity verification (KYC) and liveness detection, ensuring that account registration and loan applications are performed by the actual user;
Scenarios: Photographing government-issued IDs; facial selfies and face matching; completing liveness actions such as blinking or head turns;
Data Types: ID photos, selfie images, liveness detection footage;
Limitations: Used solely for identity verification and risk control; not used for marketing; not shared with unrelated third parties (except with your authorization to the partner institution).
6.2 Location Permission
Purpose: Risk assessment, fraud detection, and compliance zone verification;
Scenarios: Confirming that the user is within the permitted service geographic scope; assisting in identifying abnormal logins or application behavior; location consistency analysis in risk models;
Data Types: GPS precise location, network-based approximate location (IP/Wi-Fi/cell tower);
Limitations: Used only for risk control and compliance; no continuous background tracking (except in necessary risk scenarios); not used for advertising or data sales.
6.3 Contacts Permission
Purpose: Simplifying contact entries in the application process and assisting the risk control system in authenticity verification;
Scenarios: When users voluntarily choose emergency contacts or referral contacts, they may quickly read from the local address book to make selections; risk control models analyze contact structure consistency;
Data Types: Contact names and phone numbers;
Limitations: We will not actively contact anyone in your address book; not used for marketing or promotion; data is encrypted and used only within the authorized scope.
6.4 Device Advertising Identifier (IDFA/AAID)
Purpose: User behavior analysis, product experience optimization, and advertising performance statistics;
Scenarios: Analyzing in-app feature usage; optimizing loan product recommendation strategies; tracking advertising conversion effectiveness;
Data Types: iOS IDFA or Android AAID;
Limitations: This identifier cannot directly identify an individual; not linked to your ID information for marketing profiling; users may disable ad tracking in system settings.
Article 7: Automatically Collected Information
While you use the Service, we may automatically record the following technical information:
- Basic device information (model, operating system version, app version)
- Log information (access time, operation path, feature click sequences)
- Error reports and crash logs
- Preference settings and usage behavior data collected via cookies or similar technologies
- Telecommunications usage data and SMS metadata.
Article 8: Third-Party SDK Information Collection
To ensure business security and risk control, we use the TrustDecision SDK, which may access the following device information for fraud risk identification:
- Device identifiers (IDFA, AndroidID, OAID, GAID, MAC address)
- Network information (wireless IP address, Wi-Fi list, router identifiers BSSID/SSID)
- Device information (device type, device model, system type, device software version)
- Login information (login IP address, running processes, network type)
- Sensor information (light sensor, gravity sensor, magnetic field sensor, acceleration sensor, gyroscope sensor).
Chapter 3: Use of Personal Data
Article 9: Service Delivery
We use your information only for legitimate, clearly defined, and necessary business purposes, specifically including:
9.1 Identity Verification: Completing the full KYC process, using technical means such as document comparison, facial recognition, and liveness detection to verify your identity and effectively prevent identity impersonation risks.
9.2 Loan Application Processing: Systematically organizing the application information you submit, securely forwarding it to the partner institution, and continuously tracking the approval progress to ensure a smooth and fully traceable process.
9.3 Risk Assessment and Anti-Fraud: Building device fingerprints, behavioral models, and multi-dimensional association analyses to identify and block abnormal application behavior, multiple account registrations, and potential fraud risks, safeguarding the mutual interests of the Platform and its users.
9.4 Account and Customer Service: Continuously maintaining the security of your account, promptly responding to and handling various inquiries and requests arising during your use, and providing necessary operational support and assistance.
9.5 Credit Evaluation: Assessing your creditworthiness, including conducting credit checks and scoring, to assist the partner institution in making credit decisions.
Article 10: Compliance and Legal Obligations
We may process your information based on the following legal or regulatory requirements:
- Complying with the Philippine Data Privacy Act (Republic Act No. 10173) and its Implementing Rules and Regulations
- Fulfilling SEC compliance requirements for financing/lending companies
- Adhering to relevant issuances and regulations of the National Privacy Commission (NPC)
- Responding to information disclosure requests lawfully made by government agencies or judicial authorities
- Complying with the Anti-Money Laundering Act and the Anti-Terrorism Financing Act, and conducting anti-money laundering and politically exposed persons (PEP) screenings.
Article 11: Product Optimization and Experience Enhancement
Without identifying any individual, we may analyze aggregated or anonymized data for purposes including:
- Optimizing App interface interactions and workflows
- Improving system stability, load speed, and bug fixes
- Optimizing loan product displays and recommendation strategies based on user behavior patterns.
Article 12: Service Notifications and Communications
We will send you the following service-related information via SMS, in-app notifications, email, or third-party communication platforms (such as WhatsApp):
- Loan application status updates (submission successful, under review, approval result, disbursement notice)
- Repayment reminders (upcoming due date reminders, overdue notices, repayment confirmations)
- OTP (one-time verification code) messages
- Account security notifications (login alerts, device changes, password modifications)
- Platform announcements (system maintenance, feature updates, policy changes).
With respect to communications via third-party platforms such as WhatsApp, we commit to:
- Not accessing, collecting, or using your phone's contacts/address book
- Never contacting your family members, friends, employer, or any third party regarding debt collection
- All communications being sent only through authorized official accounts
- You may at any time request that we stop contacting you via WhatsApp or similar platforms, and we will continue to provide services through SMS, phone calls, or email.
Article 13: Marketing Activities (Subject to Your Separate Consent)
With your explicit authorization, we may send you:
- Information about new products, features, or partner institution launches
- Limited-time promotions, interest rate campaigns, or user reward programs
- Personalized product recommendations based on your usage preferences.
You have the right to withdraw your marketing consent at any time, via in-app settings, contacting customer support, or using the unsubscribe link. Withdrawal of marketing consent does not affect your ability to use core loan services.
Chapter 4: Sharing and Disclosure of Personal Data
Article 14: Sharing with Partner Institutions
To facilitate loan application and disbursement, with your knowledge and consent, we share necessary application information with the corresponding partner financing/lending company for purposes including:
- Credit assessment and repayment capacity analysis
- Loan approval decisions
- Loan disbursement, account management, and repayment tracking
- Risk control and collection handling.
Article 15: Sharing with Service Providers
We may engage third-party service providers to assist in operating the Platform, including but not limited to:
- Cloud infrastructure and data storage services
- Data analytics and statistical services
- Customer support systems and ticket management
- Security monitoring and risk control technical support
- Collection services (only through legally authorized collection agencies engaged by the partner institution).
These service providers access data only to the minimum extent necessary to perform the contracted services and are bound by confidentiality obligations under contract.
Article 16: Disclosure Required by Law
We may disclose your information as required by law under the following circumstances:
- Providing credit-related information to the Credit Information Corporation (CIC), credit bureaus, credit reporting agencies, etc.
- In response to lawful directives from laws, regulations, judicial authorities, government agencies, or regulatory bodies
- When necessary to protect the personal or property safety of users or the public
- In connection with mergers, acquisitions, asset transfers, or other significant transactions, where data is transferred in accordance with law (we will provide advance notice)
- Other circumstances with your explicit authorization.
Article 17: Commitments We Make to You
We will not sell or rent your personal data to any third party;
We will not use your address book for any form of marketing or promotion;
We will not push advertisements to third parties without your separate authorization;
We will not access your personal data without authorization.
Chapter 5: Data Storage and Security
Article 18: Storage Location
Your personal information is primarily stored within the Philippines and/or on servers of our selected third-party data storage service providers, and is subject to Philippine law.
Article 19: Security Measures
We employ a multi-layered security framework covering technical, administrative, and personnel dimensions, including:
Transmission Encryption: Using TLS/SSL protocols to encrypt all network-transmitted data, ensuring information is not intercepted or tampered with during transfer.
Storage Encryption: Encrypting sensitive fields such as ID numbers and bank account details at the database level to prevent exposure in the event of a data breach.
Access Control: Establishing strict access control mechanisms, granting access only to authorized personnel on a minimum-necessary basis, with tiered approval processes.
Regular Audits: Conducting periodic reviews of system security, data access logs, and operational activities to promptly identify and address potential vulnerabilities.
Personnel Management: All employees sign strict confidentiality agreements and undergo regular data protection and privacy training to reinforce internal security awareness.
Article 20: Data Retention Period
We retain your data only for as long as necessary to provide the Service and as required by law. Specific retention rules are as follows:
- During the existence of your account and the validity period of the loan contract, necessary information is retained
- After account closure or loan settlement, we will continue to retain certain data for the period permitted or required by law, generally ten (10) years from the date of collection, for compliance audits, dispute resolution, and regulatory reporting. Under the Anti-Money Laundering Act, financial institutions are required to retain customer records for five (5) years after account closure
- After the retention period expires, data will be securely deleted or anonymized.
Article 21: Data Deletion and Disposal
When data retention is no longer permitted or required, your personal data will be destroyed in a non-retrievable and unusable form in accordance with information security measures. If we discover or reasonably suspect that personal data is incomplete, outdated, false, unlawfully obtained, or used for unauthorized purposes, we will suspend or delete the relevant data.
Chapter 6: Your Data Subject Rights
Article 22: Overview of Rights
Under the Philippine Data Privacy Act (Republic Act No. 10173) and its Implementing Rules and Regulations, as a data subject, you have the following statutory rights over your personal data:
Right to be Informed: You have the right to know whether your personal data is being, has been, or will be processed. Before your personal data enters the processing system, you have the right to be informed of relevant information, including the purpose of processing, categories of data recipients, and your related rights.
Right to Access: You have the right to confirm whether we hold your personal data and to reasonably access its contents, including the names and addresses of data recipients, the manner of data processing, and the identity of the personal information controller.
Right to Object: You have the right to object to the processing of your personal data, including for direct marketing, automated processing, or profiling. When the purpose of processing changes, you have the right to be informed and to have the opportunity to withdraw your consent.
Right to Rectification: When you find that the personal data we hold is inaccurate or erroneous, you have the right to demand immediate correction. You may correct it yourself by logging into your account, or make a formal request to our Data Protection Officer.
Right to Erasure or Blocking: You have the right to suspend, withdraw, or order the blocking, deletion, or destruction of your personal data in cases where it is incomplete, outdated, false, unlawfully obtained, used for unauthorized purposes, or when you withdraw consent and there is no other legal basis for processing.
Right to Damages: You have the right to claim compensation in accordance with law if you suffer damage due to inaccuracy, incompleteness, outdatedness, falsity, unlawful acquisition, or unauthorized use of your personal data.
Right to Data Portability: You have the right to obtain from the personal information controller a copy of your personal data in an electronic or structured format, for secure transfer to another service provider (where technically feasible).
Right to File a Complaint: If you believe your personal data has been misused, maliciously disclosed, or improperly handled, or your data privacy rights have been violated, you have the right to file a complaint with the National Privacy Commission (NPC).
Article 23: How to Exercise Your Rights
To exercise any of the above rights, please contact us via the contact details in Chapter 9 of this Policy. We will review and respond to your request within a reasonable period after receipt. To verify your identity, we may request necessary information such as your registered name, registered mobile number, valid government ID, and details of your request. You may also file a complaint directly with the National Privacy Commission to seek remedies.
Article 24: Withdrawal of Consent
You have the right to withdraw specific data processing authorizations you have previously granted us at any time. Such withdrawal does not affect the lawfulness of processing based on your consent before its withdrawal.
Please note that if you object to the processing of certain personal data, it may affect your application processing time and our assessment of your creditworthiness. While you still have loan obligations with us, withdrawing consent does not relieve us of our rights and obligations to continue lawfully processing your personal data.
Chapter 7: Profiling and Automated Decision-Making
Article 25: Explanation of Profiling
"Profiling" means any form of automated processing of personal data, including the use of personal data to evaluate certain personal aspects relating to a natural person, such as creditworthiness, work performance, economic situation, health, personal preferences, behavior, and the like.
Article 26: Automated Decision-Making
You are hereby informed and explicitly consent to our accessing and processing your personal data through manual and automated processing and decision-making (as sole or partial basis) for purposes including:
- Assessing your creditworthiness and credit score
- Conducting credit checks
- Combating money laundering, terrorist financing, fraud, and other criminal activities
- Risk assessment
- Complying with legal and regulatory requirements.
In accordance with the NPC's guidelines on AI systems, personal information controllers involving automated decision-making shall ensure that data subjects understand the factors and inputs considered in the decision-making process and have access to appropriate dispute mechanisms.
Article 27: Redress Mechanism
If your loan application is rejected or your account is suspended or denied, you have the right to request a review of that decision. You may also object to the automated processing of your personal data, but doing so may result in our inability to provide services to you.
Chapter 8: Your Rights Under the Credit Information System Act
Article 28: Additional Rights
Under the Philippine Credit Information System Act (Republic Act No. 9510), you also have the following rights:
- Right to Access: You have the right to promptly and conveniently access credit information relating to you upon payment of the prescribed fee
- Right to Dispute: You have the right to dispute erroneous, incomplete, or misleading credit information
- Right to Expedited Dispute Resolution: You have the right to a simplified dispute resolution process for the expeditious handling of disputed credit information
- Right to be Notified: You have the right to be notified of any correction or deletion of erroneous, incomplete, or misleading information within five (5) working days after the conclusion of verification, investigation, or deletion of the disputed information
- Right to Damages: You have the right to claim damages if any of the above rights are refused without just cause
- Right to be Informed: You have the right to be informed of the submitting entity's obligation to submit and disclose basic credit data to the Credit Information Corporation (CIC)
- Right to Know Reasons for Denial: You have the right to know the reasons for denial of a credit application by a financial institution that uses credit data as a basis.
Chapter 9: Policy Updates and Revisions
Article 29: Right to Update
We reserve the right to revise this Privacy Policy from time to time.
Article 30: Notification Methods
In the event of material changes (such as changes in data processing purposes, adjustments to permission scopes, or reduction of user rights), we will notify you prominently via in-app pop-ups, official website announcements, or email notifications.
Article 31: Effectiveness and Acceptance
Revised policies will be marked with a new effective date upon publication. If you continue to use the Service, you signify your acceptance of the revised policy. If you do not agree to the updated terms, you may contact our Data Protection Officer.
Chapter 10: Contact Us
Article 32: Contact Information
If you have any questions, complaints, or requests to exercise your rights regarding this Privacy Policy or data processing, please contact us through the following channels:
Company Name: VANTABLACK TECHNOLOGY CO. LTD.
App Name: JaccsLoan
Customer Support Email: support@vantablacktech.com
Official Website: https://www.vantablacktech.com/
Response Time: We commit to promptly acknowledging your request and responding within a reasonable period.
Article 33: Filing a Complaint with the Regulatory Authority
You also have the right to file a complaint directly with the National Privacy Commission (NPC) to seek remedies. The NPC is the government agency established under the Data Privacy Act to oversee the implementation of data protection laws.
Chapter 11: Governing Law and Dispute Resolution
Article 34: Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of the Philippines.
Article 35: Dispute Resolution
Any dispute arising out of or in connection with this Policy shall be submitted to the exclusive jurisdiction of the competent courts in the Philippines.
Chapter 12: Consent and Acknowledgment
Article 36: User Consent
By providing us with your personal data, you hereby consent to our use, processing, and/or disclosure of your personal data in accordance with this Privacy Policy.
Article 37: Declaration Regarding Third-Party Data Providers
If you, as a representative or agent of the Company, provide personal data of third parties (including but not limited to your directors, shareholders, employees, authorized signatories, agents, etc.), you hereby declare and warrant that:
- You have obtained the lawful and valid consent of such third parties
- You have the authority to provide us with their personal data
- Such personal data may be used, processed, and/or disclosed in accordance with this Privacy Policy.