Last updated: October 2, 2021
Bux respects and values your privacy and the secrecy of your account information with us. This Privacy Policy (“Policy”) informs you how we collect, use, store, and process your personal data. We adhere to the data privacy principles of (1) legitimate purpose – we only process upon your consent, in compliance with law or contract; (2) transparency – we notify everything that happens to your data; and (3) proportionality – collection is limited based on purpose.
This Policy applies to data subjects who visit or use the Bux website, Bux Facebook page and use the Application Programming Interfaces (API) or related services (the “Services”) of the platform. (Data Subjects”)
Personal Data refers to any information that identifies or is linkable to a natural person. On the other hand, Sensitive Personal Data is any attribute that can distinguish, qualify or classify a natural person from the others such as data relating to your ethnicity, age, gender, health, religious or political beliefs, genetic or biometric data.
We collect your Personal and Sensitive Personal Data when you register, sign-up or use our products and services or contact us about them. We also collect through your organization whether private corporation or government instrumentality you authorized. We may also obtain your information from other sources (i.e publicly available platforms, financial institutions, credit agencies, payment gateway processors, public authorities, and other registers) for purposes of identity verification and regulatory requirements by the Bangko Sentral ng Pilipinas (BSP).
Account Data and Know-Your-Customer (KYC) Information: Refer to Personal Data and Sensitive Personal Data we collect when you sign up or register to our products and services such as full legal name, gender, date of birth, nationality, civil status, permanent address, present address, tax identification number and other government-issued identification numbers, mobile number, home number, office contact details, company name, job position or rank, office address, source of funds, gross annual income, and such other information necessary to conduct due diligence and comply with BSP rules and regulations.
For entities, Bux collects the following information when your representatives or authorized personnel create or update your enterprise account in Bux: business information (type, name, nature, address details, years in business, website/URL), social media pages or accounts (Facebook, Instagram, etc.), annual gross sales information, average ticket size, projected annual sales, services offered, list of stockholders, directors, and officers, and all other information that are required to be provided during account creation or updating.
As part of Bux’s KYC and KYB, Bux also requires the submission of the following business-related documents for sole proprietorships and other entities that open enterprise accounts in Bux:
Sole Proprietorship | Enterprise Entities | Partnership Entities |
DTI Registration | SEC Registration | Articles of Partnership |
Business Permit or Mayor’s Permit | Articles of Incorporation | BIR 2303 |
BIR Registration | By-Laws | SEC Certificate of Filing of Articles of Partnership |
Income Tax Return (optional) | Latest General Information Sheet (GIS) | Business Permit or Mayor’s Permit |
Bank Account information for settlement | Business Permit or Mayor’s Permit | Partnership Resolution |
BIR 2303 | Bank Account information for settlement | |
Secretary’s Certificate or Board Resolution for Authorized Representatives or Signatories | ||
Latest Audited Financial Statement (optional) | ||
Bank Account information for settlement |
Bux also collects individual information from the authorized users of enterprise accounts as they are required to create individual accounts. Upon successful creation of the enterprise account, the individual accounts shall be provided with their access rights. On top of the usual information to be required and collected for individual accounts, enterprise-related individual accounts shall also provide their designation for the roles of: SPOC – Main Contact Person / Master Admin, Sales, Finance, Support, Admin and IT for enterprise accounts.
Payment and Transactional Data: Linkable information to your Personal Data such as (1) bank account number, deposits, withdrawals, such other transfers made to or from your account, and details about them such as reference number, place and time these were made; (2) information when you contact us through our official channels such as branches, contact centers, web and mobile platforms; (3) credit card and debit card account number as well as purchases or transactions using your credit card and debit card; and (4) other forms of customer account number, payments, and transactions you have with us.
Financial Data: Information about the value of your property and assets, your credit history and capacity, and other financial products and services you have with us.
Payouts: Bux collects and stores your bank account information needed to access and generate your checkout transactions. This information will then be passed on to Bux’s partner banks.
Sensitive Personal Data: We may require the following Sensitive Personal Data upon your express consent: (1) your religion when you apply for insurance products with us; (2) for customer verification, your government-issued identification numbers or cards such as passport or driver’s license ID; or (3) any information that is necessary, incidental to contractual agreement or in connection with a requested product or service.
Multi Wallet Transactions: Transactional data of a sub wallet that can be viewed by the master wallet if the s part of the multi wallet closed loop system of a Bux merchant.
The foregoing data are collectively referred to as “Customer Data” or “Personal Information”.
Processing means any activity pertaining to the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of Customer Data.
We process Customer Data only for legitimate purposes and with lawful basis such as your express consent, terms and conditions of product or service you signed up with us, and as required by law and regulation. We ensure that only authorized employees and third-party service providers, who satisfy our stringent risk management, governance, information security, and data privacy requirements, can process your data.
Bux uses Google Analytics. This tool enables Bux to analyze your use of the Services, including information on the frequency of your visits, events you look at within the Services, usage and performance data. Bux uses this data to improve its Services, better understand how the Services perform on different devices, and provide information that may be of interest to you.
Right to be informed – you may demand the details as to how your Personal Data is being processed or have been processed by the us, including the existence of automated decision-making and profiling systems.
Right to access – upon written request, you may demand reasonable access to your Personal Information, which may include the contents of your processed personal information, the manner of processing, sources where they were obtained, recipients and reason of disclosure.
Right to dispute – Right to dispute – you may dispute inaccuracy or error in your Personal Information in our systems through our contact center representatives.
Right to object – Right to object – you may suspend, withdraw, and remove your Personal Information in certain further processing, upon demand, which include your right to opt-out to any commercial communication or advertising purposes from the us.
Right to data erasure – based on reasonable grounds, you have the right to suspend, withdraw or order blocking, removal or destruction of your personal data from our filing system, without prejudice to UBX’s continuous processing for commercial, operational, legal, and regulatory purposes. To request for removal of your personal data please contact our Data Protection Officer (DPO) at dpo@ubx.ph. Our DPO will coordinate with the technical team to remove your personal data within seven (7) working days, subject to any additional documentation that the DPO may require. You will receive an email confirmation once the data has been successfully removed.
Right to data portability – you have the right to obtain from the us your Personal Information in an electronic or structured format that is commonly used and allows for further use.
Right to be indemnified for damages – as data subject, you have every right to be indemnified for any damages sustained due to such violation of your right to privacy through inaccurate, false, unlawfully obtained or unauthorized use of your information.
Right to file a complaint – Right to file a complaint – you may file your complaint or any concerns with our Data Protection Officer and/or with the National Privacy Commission through www.privacy.gov.ph
If you have any questions, concerns, or disputes regarding our Privacy Policy, please feel free to contact our Data Protection Officer at dpo@ubx.ph