Privacy Policy

Effective Date: June 12, 2025

Welcome to ZRT CREDIT AND LENDING CORPORATION (“we,” “our,” “us”). We are committed to protecting your privacy and ensuring that your personal data is handled responsibly and in compliance with applicable laws and regulations, including the Data Privacy Act of 2012 of the Republic of the Philippines.

Scope of This Privacy Policy

This Privacy Policy applies to all individuals who access our website, mobile applications, or utilize our credit products and financial services (collectively, the “Services”).

Information We Collect

1.Personal Information

To provide you with secure and personalized services, we collect the following identification-related information:

• Full Legal Name

  We require your full legal name to maintain accurate records and match your loan account.

• Government-Issued ID Details

  This includes the type and number of your government-issued ID to confirm your identity and prevent impersonation.

• Date of Birth, Age, and Gender

  This helps us verify eligibility and comply with applicable regulatory requirements.

• Marital Status and Educational Background

  We may collect this to better understand your financial and credit profile.

• Current Residential Address

  This ensures your location is within our serviceable area and supports accurate correspondence.

• Emergency Contact Information

  We collect the name and contact details (such as phone number and relationship to you) of at least two emergency contacts to support identity verification, fraud prevention, and risk management.

2.Financial Information

To assess your repayment ability and recommend suitable loan options, we collect the following financial details:

• Bank Account or E-Wallet Details

  Necessary for processing loan disbursement and repayment.

• Employment Details

  Includes your employer, job title, and income to assess financial stability.

• Existing Loan Obligations

  Helps us ensure responsible lending and avoid over-indebtedness.

3.Device and Technical Information

To ensure platform security and smooth performance, we collect the following technical data:

• Device Details

  We collect details such as your device model, operating system version, and battery status (including charging condition and battery level). This information helps us enhance app compatibility, optimize performance, prevent transaction interruptions, and detect potential security issues.

• Network Details

  We collect details such as your device model, operating system version, and battery status (including charging condition and battery level). This information helps us enhance app compatibility, optimize performance, prevent transaction interruptions, and detect potential security issues.

4.App Permissions and Data Usage

To enhance your app experience, we may request the following device permissions. The table below explains their purpose and usage:

• Device Data

  To verify the uniqueness of the device and prevent fraudulent activities, we may collect certain technical details from your device. This includes, but is not limited to, information such as device model, operating system version, and unique device identifiers (e.g., IMEI, Android ID). This permission is used solely for fraud prevention and security verification purposes during your loan application process. We do not access or use any device information beyond what is necessary for these functions, and all data is handled securely and in compliance with applicable privacy laws.

• Camera and Photo Album Permissions

  When you are required to upload identity documents, proof of income, or other supporting materials, we may request access to your device’s camera or photo album. This permission is used solely to allow you to capture or select images necessary for submitting required documentation during your loan application process. We do not access any media files without your consent, and all images are used exclusively for verification purposes, not stored permanently or used for any other purpose.

• Biometric Information

  We collect facial biometric information by requesting a real-time photograph of your face as part of the identity verification process. This data is utilized to confirm your identity, ensure that the loan application is genuinely submitted by you (both at the initial application stage and during any subsequent identity checks, including dispute resolution), and to safeguard against fraudulent loan activities.

How We Use Your Information

We may use your personal data for a variety of lawful and legitimate business purposes, including but not limited to the following:

• To process loan applications and manage loan accounts

  We use your data to evaluate your loan eligibility, assess risk, approve or decline applications, generate loan agreements, and manage disbursement, repayment, and other account-related activities.

• To verify your identity and creditworthiness

  Your identity documents, facial data, and historical records may be used to confirm your identity and evaluate your ability and willingness to repay, enabling us to make responsible lending decisions.

• To comply with regulatory and legal requirements

  We process and retain your data to meet the requirements set by Philippine laws, such as those mandated by the Securities and Exchange Commission (SEC), Bangko Sentral ng Pilipinas (BSP), and the Data Privacy Act of 2012.

• To communicate with you regarding services, transactions, or support

  Your contact information allows us to notify you about important updates, transaction status, payment reminders, customer service responses, and other relevant information.

• To improve our products and services

  We analyze usage patterns, feedback, and support data to refine our platform functionality, enhance user experience, and introduce new features that better meet user needs.

• To detect and prevent fraud or illegal activity

  Your data may be used in automated and manual monitoring systems to identify suspicious activities, prevent identity theft, and protect both you and our platform from fraud.

• For analytics and internal business operations

  Aggregated and anonymized data may be used for business intelligence, system performance monitoring, product development, operational reporting, and compliance auditing.

All data usage strictly follows the principles of transparency, necessity, and proportionality, and we ensure your privacy rights are respected at every step.

Third-Party SDK Disclosure

To deliver essential functions, improve user experience, and maintain service performance, our application incorporates several third-party Software Development Kits (SDKs). Before any integration, we conduct a thorough evaluation of their data collection practices. All data gathered through these SDKs is done so with your informed consent and in accordance with applicable laws and platform guidelines.

1. Advance.AI

• Purpose: Employed to authenticate users' identities during the verification process and to reduce the risk of fraudulent activities.
• Data Collected: Facial images (selfies) and ID document photos, used solely for biometric comparison.
• Data Protection: Information is gathered only after obtaining clear user consent and is transmitted through secure, encrypted channels. The data is strictly confined to identity verification use.

Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds, in compliance with applicable laws and regulations, including the Data Privacy Act of 2012 of the Republic of the Philippines:

• Your Informed Consent

  In many cases, we collect and process your data only after obtaining your clear and voluntary consent. This applies to scenarios such as accessing your camera, location, or uploading identity documents. You have the right to withdraw your consent at any time, though this may impact certain features of the service.

• Performance of a Contract

  We process your information when it is necessary for us to provide the services that you have requested, such as processing loan applications, verifying your identity, or managing your repayments. This ensures that we can fulfill our obligations under the terms agreed with you.

• Compliance with Legal Obligations

  We are required by law to collect and disclose certain personal information to fulfill regulatory requirements, such as reporting to government agencies (e.g., SEC, BSP), performing anti-money laundering (AML) checks, or complying with tax and audit laws.

• Legitimate Business Interests

  We may process your data to improve our services, enhance user experience, prevent fraud, and maintain the security and stability of our platform. In doing so, we always balance our interests with your fundamental rights and freedoms, ensuring that your privacy is not compromised.

These legal bases guide how and why we collect, use, store, and share your personal data, ensuring all data processing activities are done lawfully, fairly, and transparently.

How We Share Your Information

We may share your personal information with carefully selected third parties for legitimate business, legal, and operational purposes. Such sharing is done in accordance with applicable laws and is limited to what is necessary to fulfill specific functions or regulatory requirements. These third parties may include but are not limited to:

• Affiliates and service providers

  We may disclose your information to our affiliated companies or trusted third-party service providers who assist us in delivering our services. These may include, but are not limited to, payment processing companies, cloud storage platforms, customer support tools, IT infrastructure providers, data analytics platforms, and other technical service vendors. These entities are contractually bound to process your data securely and only for the purposes specified by us.

• Government Authorities and Regulatory Agencies

  When required by law, regulation, or legal process, we may share your data with government bodies such as the Securities and Exchange Commission (SEC), the Bangko Sentral ng Pilipinas (BSP), or other relevant Philippine government entities. This may include situations such as responding to legal notices, court orders, or complying with regulatory reporting obligations.

• Credit Bureaus and Financial Institutions

  In connection with our lending operations, we may provide necessary information to authorized credit bureaus, credit scoring institutions, or partner financial institutions for credit evaluation, reporting, and risk management. This allows for the accurate assessment of creditworthiness and helps prevent default and fraud.

• Legal Advisors and Compliance Auditors

  To protect our legal interests and ensure full compliance with all applicable laws, we may share relevant data with our legal counsel, external consultants, and third-party auditors. These professionals assist us in maintaining regulatory compliance, preparing for audits, and handling any legal disputes or investigations.

• Authorized Business Partners

  In certain cases, we may collaborate with third-party partners for specific functions such as risk modeling, fraud detection, user analytics, or marketing campaign performance measurement. These partners are contractually obligated to uphold confidentiality, ensure data security, and only use the data for agreed-upon purposes.

We ensure that all third parties with whom we share your information have appropriate safeguards in place to protect your data and limit its use strictly to the purposes for which it was shared. We do not sell or rent your personal information to any external parties under any circumstances.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, and in accordance with applicable laws, industry practices, and regulatory requirements. Specifically, we will retain your data under the following circumstances:

• While You Remain a Registered User of Our Platform

  As long as your account remains active or you continue to use our services, we will retain your personal data to ensure smooth service delivery, enable account management, and maintain user support.

• For the Duration Necessary to Fulfill the Purpose of Collection

  Even after you stop using the platform, we may still need to retain certain data to complete loan repayment processing, resolve disputes, respond to user inquiries, detect or prevent fraud, or for internal audits and analytics.

• As Required by Financial, Tax, Legal, or Regulatory Requirements

  We are obligated to retain some records for a specific period as mandated by applicable financial regulations, such as those from the Securities and Exchange Commission (SEC), Bangko Sentral ng Pilipinas (BSP), or tax authorities. This may include transaction records, identity verification data, and financial reporting materials.

Once the retention period expires and the data is no longer needed for the purposes outlined above, we will securely delete, anonymize, or destroy the data in accordance with our internal policies and applicable data protection laws.

Data Security

We take the protection of your personal data seriously and implement a comprehensive range of technical and organizational measures to ensure its confidentiality, integrity, and availability. Our goal is to prevent unauthorized access, misuse, alteration, or loss of your data throughout its lifecycle.

• Data Encryption

  All data transmitted between your device and our servers is protected using encryption protocols such as HTTPS and SSL. Sensitive personal information, including identification data and financial records, is encrypted both in transit and at rest.

• Access Controls and Role-Based Permissions

  Only authorized personnel can access your data, and only for purposes directly related to their role. Access rights are granted based on the principle of least privilege to minimize unnecessary exposure.

• Multi-Factor Authentication (MFA)

  To prevent unauthorized account access, we use multi-factor authentication for both internal administrative systems and certain user-facing functions, ensuring that access is granted only to verified users.

• Regular Security Audits and Penetration Testing

  We conduct regular security assessments, including third-party audits and simulated cyberattack (penetration) testing, to identify potential vulnerabilities and take timely corrective actions.

• Secure Development and Data Isolation

  Our software is built following secure development lifecycle (SDL) best practices, and user data is logically isolated to prevent cross-access between accounts or systems.

In the unlikely event of a data breach, we have an incident response plan in place to notify affected users and relevant authorities in accordance with the Data Privacy Act of 2012 and other applicable laws.

Your Rights

Under the Data Privacy Act, you have the following rights:

• Right to be informed
• Right to access your data
• Right to correct inaccuracies
• Right to object to processing
• Right to request deletion or blocking
• Right to data portability
• Right to file a complaint with the National Privacy Commission (NPC)

You may exercise your rights by contacting us as provided below.

Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect data from minors.

If you believe a minor has submitted personal data, please contact us for deletion.

Changes to this Privacy Policy

We may update this Privacy Policy periodically. Updates take effect upon publication.

We encourage you to review this Policy regularly.

Contact Us

If you have any questions, requests, or complaints regarding this Privacy Policy, please contact us.

Company Name: ZRT CREDIT AND LENDING CORPORATION

Email: menchiecabanban@zrtcredit.com

Address: #62 Purok 2 Andal Alino (Pob.), Talavera, Nueva Ecija, 3114 Philippines