Una Marketplace Inc.(UMP) is committed to protecting the privacy of its data subjects and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by UMP about its current, past, and prospective clients and employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed.
This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out UMPI’s data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.
This Data Privacy Notice and Consent Form may be amended at any time without prior notice, and such amendments will be notified to you in via UMPI’s website or by email.
UMP collects, stores, and processes personal data from its current, past, and prospective clients and employees, starting with the information provided at the application and to information collected throughout the whole course of the transaction by the client or in the course of their employment or engagement by the employee or consultant with UMP and its affiliates and/or subsidiaries. This will include but is not limited to the following:
Relative to the immediately preceding paragraph, the data subject is also informed that UMP may make and manage phone calls for proper identification and verification of the data subject’s identity, fraud prevention, compliance with the Anti-Money Laundering and other applicable Laws of the Republic of The Philippines, and enhance the user experience of data subjects.
Furthermore, data subjects may also allow UMP to access the mobile device's location for purposes of fraud prevention and detection, compliance with the Anti-Money Laundering and Terrorist Prevention Laws of the Republic of The Philippines, and enhancement of user experience of data subjects.
For UMP Clients
- Contact information, such as name, addresses, telephone numbers, email addresses, and other contact details;
- Demographic and lifestyle information of the client;
- Information UMP receives when making a decision about the data subject, details of when the data subject contacted UMP and when the latter contacted the data subject, mobile device data (such as SIM, IMEI, or other device identifiers type of device, device operating system, device settings, user account information for your mobile device, about mobile network provider, device specifications), location data (such as mobile device location, time zone setting); phone data (such as contact lists and metadata, SMS metadata, types and nature of mobile applications found on your mobile device), mobile app usage data (such as traffic volume, mobile app usage) and telecommunications usage data or “telco usage score,” and any other information which UMP reasonably need to operate data subject’s account, make decisions about the data subject or fulfill our regulatory obligations.
- Other personal and/or sensitive personal information, which was disclosed to UMP through the transaction;
Channels of Data Collection
UMP shall collect information about the data subject in the following ways:
- Information that the data subject provided to UMP through communications with UMP employees or its application;
- Information that the data subject authorized UMP to collect through its applications, such as photographs obtained via access to the data subject’s smartphone camera or photo gallery, phone, email, or social media contact lists and metadata for the purpose of KYC and preventing fraud, or credit scoring and/or verification;
- Information from outside sources such as credit bureaus and customer service providers to help us with customer verification and credit-related decisions.
Use of Information
The collected personal data is used solely for the following purposes:
- Processing of credit application of client and confirmation of the identity of the prospective client and their reference;
- Conduct the ‘Know Your Client’ exercises to establish and verify the identity of the prospective client, prevent and/or detect possible attempts to commit fraud and other related criminal offenses, and comply with the regulations of the Anti-Money Laundering Council and other law enforcement agencies;
- Facilitate and complete the transaction applied, share it within our group of companies and offer the clients products suitable or relevant to their requirements and/or profile;
- Protect personal information and sensitive personal information disclosed to secure accounts from fraud and other illegal activities;
- Settle claims or disputes involving UMP’s products and services. The personal data or sensitive personal information may also be used for prosecuting or defending UMP or its employees when needed;
- Share or disclose personal data and/or sensitive personal information to third-party service provider, as may be required by law, regulation, or by a court order;
All personal data and information collected and/or were disclosed by the data subjects by reason of their application, transaction, and/or any interaction with the Corporation will be uploaded and stored on our server and will not be shared with any third party.
UMP will not share your personal data with third parties unless necessary for the above-mentioned purposes and unless you give your consent thereto. Such third parties may include UMP’s business units, subsidiaries, affiliates, agents, outsourced service providers, and other third parties.
We engage outsourced service providers to support us in delivering services to you. Our third parties include government regulators, judicial, supervisory bodies, tax authorities or courts of competent jurisdiction. We engage third parties for the following reasons:
- Verify your personal information
- Assist in business operations
- Comply with legal requirements
- Addressing fraud, security or technical issues, to respond to an emergency or otherwise protect the rights, property or security of our customers or third parties
- Carrying out all other purposes set out above
Personal data shared with third parties shall be covered by the appropriate agreement to ensure that all personal data is adequately safeguarded.
UMP does not, will not, sell personal data to any third party. All our engagements with third parties shall be fully-compliant with our obligation of confidentiality imposed on us under applicable agreements and/or terms and conditions or any applicable laws that govern our relationship with you.
Personal data under the custody of UMPI shall be disclosed only to authorized recipients of such data. Otherwise, we will share your personal data with third parties only with your consent, or when required or permitted by our policies and applicable law, such as with:
Where UMP considers it necessary, indispensable or appropriate, for the purposes of data storage, enhanced security, account processing, providing any service or product on our behalf to you, or implementing a new or enhanced system for our products and services, we may transfer the custody of your personal data to third parties within or outside of the Philippines, under conditions of confidentiality and similar levels of security safeguards.
UMP strictly enforces data privacy and information security policies. It implements technological, organizational, and physical security measures to protect your personal data against loss, misuse, modification, unauthorized or accidental access or disclosure, alteration, or destruction. We put safeguards such as the following:
- We keep and protect data using a secured server behind a firewall, deploying encryption on computing devices and physical security controls
- We restrict access to your personal data only to qualified and authorized personnel who hold your personal data with strict confidentiality
- We train our employees to properly handle your data and
- We require our third parties to protect personal data aligned with our own security standards.
We continue to implement organizational, administrative, technical, and physical security measures to safeguard your personal data. Only authorized personnel have access to your personal data, the exchange of which is facilitated through internal shared servers, email, and paper files.
Should third parties need access to your personal data, we require some form of data sharing agreement with them, in compliance with the DPA and the DPA-IRR.
The hard copy of the documents submitted to UMPI and its digital files are securely stored: employing physical security in its principal place of business to safeguard the paper files and technical security to protect the digital files.
Retention of Information
UMP stores personal data and sensitive personal information in a data center (on the cloud).
It retains personal data only according to its operational needs and in compliance with legal and regulatory purposes or requirements. UMP’s data retention and disposal policy is in accordance with R.A. 9470 (National Archives of the Philippines Act) and AMLC and/or BSP regulations, if applicable. In general, UMP shall only retain your personal data and sensitive personal information for three (3) years after the processing relevant to the purpose has been terminated. However, UMP may retain your data when necessary to establish, exercise or defend legal claims, for legitimate business purposes, or when provided by law.
Completeness and Accuracy of Personal Data and Sensitive Personal Information
Data subjects should ensure that personal data submitted to UMP is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with products and services you have requested. Data subjects should inform UMP immediately of any change of facts or circumstances which may render any personal data or information previously provided inaccurate, untrue, or incorrect and provide any information or documentation UMP may reasonably require for the purposes of verifying the accuracy of the updated information or personal data.
UMP strongly encourage data subjects to be vigilant in protecting your personal data by ensuring that their account details, PINs, username and password are secured and not disclosed to others or written somewhere accessible to others. UMPI advises the data subjects to exercise caution in protecting themselves against phishing, skimming and other electronic fraud and to remain alert for suspicious-looking offers, pretending or representing from the Corporation. UMP advises its clients that UMP will only communicate through its official channels and applications.
Rights of the Data Subjects
Under the Data Privacy Act, data subjects have the following rights:
- Right to be informed;
- Right to object;
- Right to access;
- Right to rectify or correct erroneous data;
- Right to erase or block;
- Right to secure data portability;
- Right to be indemnified for damages; and
- Right to file a complaint.
UMP’s decisions to provide access, consider requests for correction or erasure, and address objection to process data as it appears in its official records, are always subject to applicable internal policies, relevant laws and regulation.
Contact Una Marketplace Inc.
For further inquiries or complaints, please visit our website at https://unamarket.ph/ and at https://unapharma.ph/ or get in touch with our Compliance Department at (02) 8539-2143 loc. 4002 or 4004 or email us at [email protected]
Data privacy requests and concerns
For data privacy requests and concerns, you may write to our Data Protection Officer at [email protected] or
Data Protection Officer
Una Marketplace Inc.
15/F IBP Bldg., Jade Drive
Ortigas Center, San Antonio 1605 Pasig City
Changes in the Data Privacy Notice
UMP may amend this Data Privacy Notice in whole or in part to ensure that it is consistent with industry trends, legal and regulatory requirements applicable to how we handle your personal data and to ensure better protection of your personal data or information. Relevant updates will be posted on this site.
The submission of personal data and information by the data subject to UMP signifies that he or she have read and understood the above Privacy Notice and expressly agree and give his or he consent to the processing of his or her personal and/or sensitive personal information in the manner and for the purpose provided in this Notice. The data subject understands and accepts that this will include access to personal data and records submitted, which may be regarded as personal and/or sensitive personal data as provided under the Data Privacy Act of 2012.
UMP is also authorized to disclose the data subject’s data to accredited/affiliated third parties or independent/non-affiliated third parties, whether local or foreign, in the following circumstances:
- As necessary for the proper execution of processes related to the declared purpose;
- The use or disclosure is reasonably necessary, required or authorized by or under law; and
- Provided security systems are employed to protect the personal data or information;
Consenting to this Privacy Notice, however, does not waive any of the data subject’s rights under the Data Privacy Act of 2012.
For a complete reference on the Data Privacy Act, please visit the National Privacy Commission website at https://www.privacy.gov.ph/.