This Data Privacy Policy describes how N90 Financing Corp. and its representatives and/or agents (collectively referred to herein as "N90", "us”,“we” or “our”) will manage Personal Information (as defined below) in compliance with the Data Privacy Act of 2012 and its implementing rules and regulation(s) (“the Act”or “DPA”).
n90 collects, uses, stores, discloses, and otherwise processes your personal data on the basis of one or more lawful bases recognized under Sections 12 and 13 of the DPA, which may include, as the circumstances require: (a) the necessity for the performance of a contract with you, or for taking steps at your request prior to entering into a contract, such as the processing of your loan application; (b) the necessity for compliance with a legal obligation of n90, including obligations under Republic Act No. 9160 (the Anti-Money Laundering Act of 2001), Republic Act No. 9510 (the Credit Information System Act), and other applicable laws and regulations; (c) the legitimate interests pursued by n90 or by a third party, assessed in accordance with NPC Circular No. 2023-07 and balanced against your rights and freedoms; and (d) your specific, informed, and freely given consent, in accordance with NPC Circular No. 2023-04, where consent is the applicable lawful basis (such as for marketing communications and certain uses of sensitive personal information). Where the processing involves sensitive personal information or privileged information, n90 relies on the additional bases set out in Section 13 of the DPA.
This Data Privacy Policy supplements but does not supersede nor replace any other consents you may have previously provided to n90 in respect of your Personal Information, and your consents herein are additional to any rights which our company may have at law to collect, use or disclose your Personal Information.
We may from time to time update this Data Privacy Policy to ensure that this Data Privacy Policy is consistent with our future developments and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Privacy Policy as updated from time to time on our website [www.n90.asia].
1.1 In this Data Privacy Policy, “Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.
1.2 The Personal Information that n90 may collect from you, depending on the nature of your interaction with us, includes:
The specific categories of Personal Information collected for particular purposes (such as loan applications, vendor onboarding, employment, or partnership) are further described in Section 3 below.
1.3 In addition to Personal Information, n90 may also collect, use, and process Sensitive Personal Information, which refers to personal information (a) about your race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; (b) about your health, education, genetic or sexual life, or any proceeding for any offense committed or alleged to have been committed; (c) issued by government agencies peculiar to you, such as social security numbers, previous or current health records, licenses or their denials, suspension or revocation, and tax returns; and (d) specifically established by an executive order or an act of Congress to be kept classified.In the course of n90's lending operations, the Sensitive Personal Information most commonly collected from you includes government-issued identifiers such as your Tax Identification Number (TIN), Social Security System (SSS) number, Government Service Insurance System (GSIS) number, PhilHealth number, Pag-IBIG number, Unified Multi-Purpose ID (UMID), passport, driver's license, and PhilSys Number.
n90 processes Sensitive Personal Information only on the lawful bases set out in Section 13 of the DPA, including where required by law (such as Know-Your-Customer obligations under the Anti-Money Laundering Act) or with your specific consent.
2.1 Generally, we may collect Personal Information in the following ways:
2.2 When you browse our website, you generally do so anonymously but please see the section below on cookies.
2.3 If you provide us with any Personal Information relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Information for the respective purposes.
2.4 You should ensure that all Personal Information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to fulfill your requests, or delays in processing your requests.
3.1 Generally, n90 collects, uses, processes and discloses your Personal Information for the following specific purposes on basis of the consent given (where applicable) for:
3.2 In addition, N90 collects, uses and discloses your Personal Information for the following purposes:
A short-form Visitor Privacy Notice is displayed at the reception area of n90's offices.
3.3 n90 may send you marketing communications about its loan products, services, promotions, and related offers through email, SMS, voice call, or other electronic channels. n90 sends marketing communications only:
You may withdraw your consent or opt out of receiving marketing communications at any time and without cost, by clicking the unsubscribe link contained in any marketing email, replying with the appropriate keyword to a marketing SMS, or emailing the DPO at hello@n90.asia.
3.4 As a lending company, n90 is a mandatory submitting entity under Republic Act No. 9510 (the Credit Information System Act). n90 shall regularly submit your basic credit data to the Credit Information Corporation (the "CIC") in the form, manner, and within the timelines prescribed by the CIC and its implementing rules.
Basic credit data submitted to the CIC may include your identification information, loan account details, repayment history, outstanding balances, and credit performance. The CIC may share this credit data with its accredited special accessing entities (such as other lenders, credit bureaus, and financial institutions), in accordance with RA 9510 and the rules of the CIC.
You have the right to dispute any credit data submitted to the CIC that you believe is inaccurate or erroneous, by filing a dispute directly with n90 or with the CIC. n90 shall investigate the dispute, rectify any confirmed errors, and submit corrected data to the CIC within the period prescribed by the CIC.
3.5 As a lending company, n90 is a "covered person" under Republic Act No. 9160, as amended (the Anti-Money Laundering Act of 2001), and is subject to its implementing rules and the regulations of the Anti-Money Laundering Council (the "AMLC"). In compliance with these obligations, n90 collects, uses, and discloses your Personal Information for the following purposes:
The existence, filing, and contents of any covered transaction report or suspicious transaction report shall be treated as strictly confidential under RA 9160, and n90 shall not disclose the filing or contents of any such report, nor warn or "tip off" the subject of any such report.
3.6 n90 treats client information as strictly confidential, subject only to the disclosures permitted under the DPA, RA 11765, and related laws. n90 observes the consumer protection standards of disclosure and transparency, fair treatment, protection of client information, and effective recourse in its lending operations. You may raise any concern regarding the processing of your Personal Information or your treatment as a financial consumer through the channels described in Section 9 of this Policy.
4.1 n90 will take commercially reasonable steps to protect your Personal Information against unauthorized disclosure. Subject to the provisions of any applicable law, your Personal Information may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located in the Philippines or overseas:
4.2 Please note that the disclosures referred above may be subject to additional legal requirements under applicable law, if we do disclose your Personal Information, we will only do so to the extent necessary, proportionate and legally permitted.
5.1 When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognize a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s clickstream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).
5.2 Cookies are small text files stored in your computing or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us. Cookies are not programs and therefore cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.
5.3 Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to use certain services or enter certain part(s) of our website.
5.3 n90 uses strictly necessary cookies for core site functions and, subject to your consent where required, performance and analytics cookies, functionality cookies, and advertising cookies. A cookie consent interface is displayed when you first visit n90's website, providing equally prominent options to accept, reject, or configure non-essential cookies, with no pre-ticked boxes. You may withdraw your consent to non-essential cookies at any time through the same interface. The specific cookies used by n90's website, their purposes, providers, and durations are described in n90's Cookies Notice published on the website.
6.1 You have the following rights as a data subject under the DPA, which may be exercised by contacting n90 in writing:
6.2 Without prejudice to n90's internal complaint-handling procedure described in Section 9 of this Policy, you may also file a complaint directly with the National Privacy Commission.
7.1 n90 will take reasonable efforts to protect Personal Information in our possession or our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.
We implement appropriate organizational, technical, and physical measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:
However, we cannot completely guarantee the security of any Personal Information we may have collected from or about you, or that for example no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware). You should be aware of the various associated risks with using websites.
7.2 While we strive to protect your Personal Data, we cannot ensure the security of the information you transmit to us via the Internet or otherwise and we urge you to take every precaution to protect your Personal Data when you are on the internet or use such platforms.
7.3 If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorized person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorized transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorized and/or fraudulent use of your username and password.
7.4 In the event of a personal data breach that is likely to give rise to a real risk of serious harm to affected data subjects, n90 shall notify the National Privacy Commission and the affected data subjects within seventy-two (72) hours from knowledge of, or reasonable belief that, the breach has occurred, in accordance with the DPA and its implementing rules. n90 has constituted a Data Breach Response Team, led by the DPO, responsible for the immediate investigation, containment, and response to personal data breaches and security incidents.
8.1 n90 may transfer your Personal Information to entities located outside the Philippines, including affiliates, subsidiaries, and third-party service providers such as cloud service providers and electronic document execution platforms. n90 shall transfer your Personal Information outside the Philippines only where: (a) the transfer is necessary for a purpose permitted under the DPA; (b) n90 remains accountable for the personal data so transferred; and (c) the receiving entity is bound, by contract or other legally enforceable means, to afford the personal data a level of protection comparable to that required under Philippine law, including, where appropriate, through the use of model contractual clauses or other recognized transfer mechanisms.
8.2 n90 retains your Personal Information only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The following illustrative retention periods apply to common categories of records:
Retention periods are counted from the termination, closure, or last activity of the relevant account or relationship, unless otherwise stated. Any third party that processes Personal Information on n90's behalf is required to dispose of the Personal Information in accordance with the agreed retention period under their engagement contract.
9.1 If you have any questions, feedback, requests, or complaints relating to your Personal Information or this Data Privacy Policy, you may contact n90's Data Protection Officer:
Head of Legal and Compliance / Data Protection Officer
n90 Financing Corp. 10th Floor, Century Pacific Tower, 5th Avenue corner 30th Street, 4th Avenue, Bonifacio Global City, Taguig City, Philippines
Email: hello@n90.asia
You may contact the Data Protection Officer if you wish to:
9.2 Please note that if your Personal Information has been provided to us by a third party (e.g. a referrer, or your company), you should contact that organization or individual to make such queries, complaints, and access and correction requests to n90 on your behalf.
9.3 If you withdraw your consent to any or all use of your Personal Information, depending on the nature of your request, n90 may not be in a position to continue to provide its products and services to you, administer any contractual relationship in place, which in turn may also result in the termination of any agreements with n90, and your being in breach of your contractual obligations or undertakings. n90’s legal rights and remedies in such an event are expressly reserved.
10.1 Our website or application system may contain links to other third-party operated websites over which we have no control over. We are not responsible for the privacy and/or data protection practices of such third-party operated websites that are linked to our website or application system. Once you have left our website by clicking a relevant link, your use of that third-party website will be governed by the privacy or data protection policy of that website.
11.1 This Data Privacy Policy and your use of this website shall be governed and construed in all respects by the laws of the Republic of the Philippines.