Privacy Policy

This Data Privacy Policy describes how N90 Financing Corp. and its representatives and/or agents (collectively referred to herein as "N90", "us”,“we” or “our”) will manage Personal Information (as defined below) in compliance with the Data Privacy Act of 2012 and its implementing rules and regulation(s) (“the Act”or “DPA”).

n90 collects, uses, stores, discloses, and otherwise processes your personal data on the basis of one or more lawful bases recognized under Sections 12 and 13 of the DPA, which may include, as the circumstances require: (a) the necessity for the performance of a contract with you, or for taking steps at your request prior to entering into a contract, such as the processing of your loan application; (b) the necessity for compliance with a legal obligation of n90, including obligations under Republic Act No. 9160 (the Anti-Money Laundering Act of 2001), Republic Act No. 9510 (the Credit Information System Act), and other applicable laws and regulations; (c) the legitimate interests pursued by n90 or by a third party, assessed in accordance with NPC Circular No. 2023-07 and balanced against your rights and freedoms; and (d) your specific, informed, and freely given consent, in accordance with NPC Circular No. 2023-04, where consent is the applicable lawful basis (such as for marketing communications and certain uses of sensitive personal information). Where the processing involves sensitive personal information or privileged information, n90 relies on the additional bases set out in Section 13 of the DPA.

This Data Privacy Policy supplements but does not supersede nor replace any other consents you may have previously provided to n90 in respect of your Personal Information, and your consents herein are additional to any rights which our company may have at law to collect, use or disclose your Personal Information.

We may from time to time update this Data Privacy Policy to ensure that this Data Privacy Policy is consistent with our future developments and/or any changes in legal or regulatory requirements. Subject to your rights at law, you agree to be bound by the prevailing terms of the Data Privacy Policy as updated from time to time on our website [www.n90.asia].

1. Personal Information

1.1 In this Data Privacy Policy, “Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

1.2 The Personal Information that n90 may collect from you, depending on the nature of your interaction with us, includes:

  1. Identification and contact details, including full name, date and place of birth, civil status, sex, nationality, present and permanent address, telephone numbers, email address, and specimen signature;
  2. Sensitive Personal Information consisting of government-issued identifiers, as further described in Section 1.3;
  3. Know-Your-Customer and customer due diligence documentation, including photographs, selfies, copies of government-issued identification, proof of address, source of funds, and beneficial ownership information;
  4. Financial and credit information, including employment and employer details, occupation, income, bank account details for disbursement and payment, loan history, outstanding obligations, information on co-makers, guarantors, and references, collateral, and credit scoring data;
  5. Transaction information, including loan application data, loan terms, repayment schedules, payment history, delinquency status, and related communications;
  6. website and online identifiers, including IP address, browser type and language, operating system, cookies, session tokens, referring URLs, and website server logs, as further described in Section 5; and
  7. any other information you provide to us, or that we lawfully collect from third-party sources, in the course of your interactions with n90.


The specific categories of Personal Information collected for particular purposes (such as loan applications, vendor onboarding, employment, or partnership) are further described in Section 3 below.

1.3 In addition to Personal Information, n90 may also collect, use, and process Sensitive Personal Information, which refers to personal information (a) about your race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations; (b) about your health, education, genetic or sexual life, or any proceeding for any offense committed or alleged to have been committed; (c) issued by government agencies peculiar to you, such as social security numbers, previous or current health records, licenses or their denials, suspension or revocation, and tax returns; and (d) specifically established by an executive order or an act of Congress to be kept classified.In the course of n90's lending operations, the Sensitive Personal Information most commonly collected from you includes government-issued identifiers such as your Tax Identification Number (TIN), Social Security System (SSS) number, Government Service Insurance System (GSIS) number, PhilHealth number, Pag-IBIG number, Unified Multi-Purpose ID (UMID), passport, driver's license, and PhilSys Number.
n90 processes Sensitive Personal Information only on the lawful bases set out in Section 13 of the DPA, including where required by law (such as Know-Your-Customer obligations under the Anti-Money Laundering Act) or with your specific consent.

2. Collection of Personal Data

2.1 Generally, we may collect Personal Information in the following ways:

  1. when you apply for a loan through emails, telephone calls or via our website or loan application or management system;
  2. when you enter into any agreement or provide other documentation or information in respect of your interactions with us;
  3. when you submit any form or application to us;
  4. when you interact with our staff, for example, via telephone calls (which may be recorded), letters, face-to-face meetings, social media platforms and emails;
  5. when you use our electronic services, or interact with us via our websites, and apps or use services on our websites;
  6. when you request that we contact you or request that you be included in an email or other mailing list;
  7. when you respond to our initiatives or to any request for additional Personal Information;
  8. during closed-circuit television (CCTV) recordings when you visit our premises; and through photo-taking or video recording at our premises or during n90's events, subject to your consent where required;
  9. when you submit an employment application or when you provide documents or information including your resume and/or CVs in connection with any appointment as an officer, director, representative or any other position;
  10. when we receive references from business partners and third parties, for example, where you have been referred by them with your consent;
  11. when we seek information from third parties about you and receive your Personal Information in connection with your relationship with us, for example, from business partners, public agencies, your ex-employer, referral intermediaries and the relevant authorities;
  12. through lookups with the Credit Information Corporation, accredited credit bureaus, and other databases for which n90 has the necessary authority to access, pursuant to Republic Act No. 9510 (the Credit Information System Act) and other applicable laws;
  13. through electronic document-execution platforms (such as DocuSign), used by n90 for the signing of loan agreements, disclosure statements, and related instruments; and
  14. when you submit your Personal Information to us for any other reasons.

2.2 When you browse our website, you generally do so anonymously but please see the section below on cookies.


2.3 If you provide us with any Personal Information relating to a third party (e.g. information of your spouse, children, parents, and/or employees), by submitting such information to us, you represent to us that you have obtained the consent of the third party to provide us with their Personal Information for the respective purposes.


2.4 You should ensure that all Personal Information submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to fulfill your requests, or delays in processing your requests.

3. Purposes for the Collection, Use and Disclosure of Your Personal Data

3.1 Generally, n90 collects, uses, processes and discloses your Personal Information for the following specific purposes on basis of the consent given (where applicable) for:

  1. transacting with you and providing our loan services and products;
  2. responding to your queries, feedback and requests;
  3. managing the administrative operations of n90 and complying with internal policies, reporting requirements and procedures;
  4. managing the safety and security of our premises and systems;
  5. facilitating business asset transactions (which may extend to any mergers, acquisitions or asset sales) involving any of our entities;
  6. conducting communication activities, including posting on our websites or social media platforms or inclusion into videos and marketing collaterals;
  7. requesting feedback or participation in surveys, as well as conducting market research and/or analysis for statistical, profiling or other purposes for us to design our services and products, understand customer behaviour, preferences and market trends, and to review, develop and improve the quality of our services and products;
  8. monitoring or recording phone calls for quality assurance, employee training and performance evaluation and identity verification purposes;
  9. matching any Personal Information held which relates to you for any of the purposes listed herein;
  10. hosting, storing or backing-up your Personal Information, which may be on third party servers or data clouds;
  11. legal purposes in connection with any claims, actions or proceedings (including but not limited to drafting and reviewing documents, transaction documentation, obtaining legal advice, and facilitating dispute resolution), and/or protecting and enforcing our contractual and legal rights and obligations;
  12. meeting or complying with any applicable rules, laws, regulations, codes of practice or guidelines issued by any legal, statutory or regulatory bodies which are binding on n90 (including but not limited to responding to regulatory complaints, disclosing to regulatory bodies, disclosures required in the public interest or emergencies and conducting audit checks, due diligence and investigations which may be carried out by statutory authorities); and/or
  13. purposes which are reasonably related to the aforesaid.

3.2 In addition, N90 collects, uses and discloses your Personal Information for the following purposes:

  1. if you are a borrower of N90:
    1. evaluating your financial capacity and ability to repay the loan based on income, expenses, and assets.
    2. determining your creditworthiness and  risk profile.
    3. verifying your identity
    4. streamlining loan approvals
    5. detect and mitigate fraudulent activities
    6. complying with legal and regulatory requirements
    7. monitoring loan repayment behavior to ensure compliance with loan terms.
    8. enhancing customer experience
  2. if you are a vendor of N90:
    1. assessing your suitability as vendor (i.e. external service provider, consultant, contractor etc.);
    2. managing requests for proposals or quotations, processing orders or managing supply of goods and/or services;
    3. processing and payment of invoices; and/or
    4. purposes which are reasonably related to the aforesaid.
  3. if you submit an application to us as a candidate for an employment or other post:
    1. evaluation and assessment of your suitability;
    2. conducting interviews;
    3. processing your application (including but not limited to pre-recruitment checks involving your qualifications and facilitating interviews);
    4. providing or obtaining references and for background screening;
    5. assessing your suitability for the position applied for;
    6. onboarding successful candidates and facilitating human resource planning and management; and/or
    7. purposes which are reasonably related to the aforesaid.
  4. if you are an employee of N90:
    1. staff orientation and entry processing;
    2. determining, processing and reviewing salaries, bonuses and other benefits;
    3. assessing your performance;
    4. considering and processing applications for continuing skills development and training, including organizing training and staff development programmes or events;
    5. administrative and support processes relating to your employment, including its management and termination, staff benefits, including travel, manpower, business continuity and logistics management or support, processing claims, training, learning and talent development, and planning or organizing corporate events;
    6. business continuity purposes;
    7. conducting analytics and research for human resource planning and management and developing, optimizing and improving work-related practices and environment;
    8. conducting internal investigations and proceedings, whistleblowing, internal monitoring and audits; and/or
    9. purposes which are reasonably related to the aforesaid.
  5. if you are a partner, investor, or shareholder of n90, or the authorized representative of such a partner, investor, or shareholder:
    1. partner and investor onboarding and Know-Your-Customer procedures, including beneficial ownership and sanctions screening;
    2. negotiating, executing, and administering partnership, investment, subscription, shareholders', and similar agreements;
    3. processing capital contributions, share issuance, dividends, distributions, and settlement;
    4. maintaining the stock and transfer book and other statutory registers under the Revised Corporation Code;
    5. managing corporate governance matters, including notices of meetings, proxies, and voting records;
    6. complying with reporting obligations to the Securities and Exchange Commission, Bureau of Internal Revenue, AMLC, and other regulators; and/or
    7. purposes which are reasonably related to the aforesaid.
  6. If you visit n90's offices or premises (whether as a client, counterparty, vendor representative, applicant, courier, auditor, regulator, contractor, or other guest):
    1. visitor management, including registration, identification, and tracking of your entry to and exit from n90's premises;
    2. premises security and safety, including the protection of n90's personnel, visitors, assets, and information;
    3. emergency response, evacuation, and headcount;
    4. incident response, investigation, and reconstruction; and/or
    5. compliance with lawful requests from regulators, law enforcement, or in legal proceedings.

A short-form Visitor Privacy Notice is displayed at the reception area of n90's offices.

3.3 n90 may send you marketing communications about its loan products, services, promotions, and related offers through email, SMS, voice call, or other electronic channels. n90 sends marketing communications only:

  1. where you have given specific, informed, and freely given consent to receive marketing communications from n90;
  2. where n90 has an existing customer relationship with you that permits such communications under applicable law, including on the basis of legitimate interest; or
  3. where otherwise permitted or required by law.

You may withdraw your consent or opt out of receiving marketing communications at any time and without cost, by clicking the unsubscribe link contained in any marketing email, replying with the appropriate keyword to a marketing SMS, or emailing the DPO at hello@n90.asia.


3.4 As a lending company, n90 is a mandatory submitting entity under Republic Act No. 9510 (the Credit Information System Act). n90 shall regularly submit your basic credit data to the Credit Information Corporation (the "CIC") in the form, manner, and within the timelines prescribed by the CIC and its implementing rules.

Basic credit data submitted to the CIC may include your identification information, loan account details, repayment history, outstanding balances, and credit performance. The CIC may share this credit data with its accredited special accessing entities (such as other lenders, credit bureaus, and financial institutions), in accordance with RA 9510 and the rules of the CIC.

You have the right to dispute any credit data submitted to the CIC that you believe is inaccurate or erroneous, by filing a dispute directly with n90 or with the CIC. n90 shall investigate the dispute, rectify any confirmed errors, and submit corrected data to the CIC within the period prescribed by the CIC.


3.5 As a lending company, n90 is a "covered person" under Republic Act No. 9160, as amended (the Anti-Money Laundering Act of 2001), and is subject to its implementing rules and the regulations of the Anti-Money Laundering Council (the "AMLC"). In compliance with these obligations, n90 collects, uses, and discloses your Personal Information for the following purposes:

  1. to perform Know-Your-Customer (KYC) procedures, customer due diligence, and enhanced due diligence, including the collection and verification of identification documents, source of funds, and beneficial ownership information;
  2. to screen you and your transactions against domestic and international sanctions lists, including the United Nations Consolidated List and any designations issued by the AMLC, and to identify and assess politically exposed persons;
  3. to file covered transaction reports and suspicious transaction reports with the AMLC, in the form and within the period prescribed by law;
  4. to maintain records of customer identification and transactions for the period required by RA 9160 and its implementing rules; and
  5. to comply with any other obligation arising under RA 9160 and related anti-money laundering and counter-terrorist financing laws and regulations.

The existence, filing, and contents of any covered transaction report or suspicious transaction report shall be treated as strictly confidential under RA 9160, and n90 shall not disclose the filing or contents of any such report, nor warn or "tip off" the subject of any such report.

3.6 n90 treats client information as strictly confidential, subject only to the disclosures permitted under the DPA, RA 11765, and related laws. n90 observes the consumer protection standards of disclosure and transparency, fair treatment, protection of client information, and effective recourse in its lending operations. You may raise any concern regarding the processing of your Personal Information or your treatment as a financial consumer through the channels described in Section 9 of this Policy.

4. Disclosure of Personal Information

4.1 n90 will take commercially reasonable steps to protect your Personal Information against unauthorized disclosure. Subject to the provisions of any applicable law, your Personal Information may be disclosed, for the purposes listed above (where applicable), to the following entities or parties, whether they are located in the Philippines or overseas:

  1. n90’s related corporations and employee(s); to address your questions and requests in relation to your interactions with us, to maintain and operate our systems and/or services;
  2. agents, contractors or third-party service providers who provide services to n90, such as cloud hosting, information technology, electronic document execution platforms (such as DocuSign, used for the signing of loan agreements and related instruments), bank statement analysis and credit assessment tools, loan management systems, identity verification, fraud detection, sanctions and anti-money laundering screening, courier services, telecommunications, payment, printing, billing, payroll, processing, collection agencies, technical services, security, or other services to n90;
  3. any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale) involving any of our entities;
  4. external banks and their respective service providers;
  5. insurance companies, guarantors, sureties, co-makers, and other risk-sharing counterparties, where the disclosure is necessary in connection with your loan or the underlying credit relationship
  6. industry associations, finance-sector bodies, and similar organizations of which n90 is a member, where the sharing is for credit reference, fraud prevention, and risk management purposes, subject to a Data Sharing Agreement;
  7. companies which provide corporate secretarial services;
  8. our professional advisers such as consultants, auditors and lawyers;
  9. relevant government ministries, regulators, statutory boards or authorities or law enforcement agencies to comply with any laws, rules, guidelines and regulations or schemes imposed by any governmental authority; and/or
  10. the Credit Information Corporation, accredited credit bureaus, and accredited special accessing entities;
  11. the Anti-Money Laundering Council; and
  12. any other party to whom you authorize us to disclose your Personal Information to.

4.2 Please note that the disclosures referred above may be subject to additional legal requirements under applicable law, if we do disclose your Personal Information, we will only do so to the extent necessary, proportionate and legally permitted.

5. Use of Cookies

5.1 When you interact with us on our websites, we automatically receive and record information on our server logs from your browser. We may employ cookies in order for our server to recognize a return visitor as a unique user including, without limitation, monitoring information relating to how a visitor arrives at the website, what kind of browser a visitor is on, what operating system a visitor is using, a visitor’s IP address, and a visitor’s clickstream information and time stamp (for example, which pages they have viewed, the time the pages were accessed and the time spent per web page).

5.2 Cookies are small text files stored in your computing or other electronic devices which allow us to remember you. The cookies placed by our server are readable only by us. Cookies are not programs and therefore cannot access, read or modify any other data on an electronic device. All web-browsers offer the option to refuse any cookie, and if you refuse our cookie then we do not gather any information on that visitor.

5.3 Should you wish to disable the cookies associated with these technologies, you may do so by changing the setting on your browser. However, you may not be able to use certain services or enter certain part(s) of our website.

5.3 n90 uses strictly necessary cookies for core site functions and, subject to your consent where required, performance and analytics cookies, functionality cookies, and advertising cookies. A cookie consent interface is displayed when you first visit n90's website, providing equally prominent options to accept, reject, or configure non-essential cookies, with no pre-ticked boxes. You may withdraw your consent to non-essential cookies at any time through the same interface. The specific cookies used by n90's website, their purposes, providers, and durations are described in n90's Cookies Notice published on the website.

6. Your Rights as a Data Subject

6.1 You have the following rights as a data subject under the DPA, which may be exercised by contacting n90 in writing:

  1. Right to Be Informed: To know how your data is collected, used, and shared.
  2. Right to Access: To request a copy of your personal data.
  3. Right to Correction: To correct inaccurate or outdated data.
  4. Right to Object: To refuse the processing of your data for certain purposes.
  5. Right to Erasure: To request deletion of your data, subject to legal or contractual obligations.
  6. Right to Data Portability: To request your data in a commonly used electronic format.
  7. Right to File a Complaint: To lodge a complaint with the National Privacy Commission.
  8. Right to Damages: To be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

6.2 Without prejudice to n90's internal complaint-handling procedure described in Section 9 of this Policy, you may also file a complaint directly with the National Privacy Commission.

7. Data Security

7.1 n90 will take reasonable efforts to protect Personal Information in our possession or our control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.


We implement appropriate organizational, technical, and physical measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include but are not limited to:

  • Encryption: Ensuring that sensitive data is encrypted during transmission and storage to prevent unauthorized access.
  • Access Controls: Restricting access to personal data to authorized personnel only, based on the principle of least privilege.
  • Regular Security Audits: Conducting regular audits and assessments to identify and address vulnerabilities in our systems.
  • Secure Software Development: Employing secure coding practices to minimize risks associated with software vulnerabilities.
  • Incident Response Plan: Maintaining a comprehensive incident response plan to address potential data breaches promptly and effectively.
  • Data Minimization: Collecting only the personal data necessary for the purposes outlined in this policy and retaining it only for as long as needed.
  • Physical Security: Securing physical locations where personal data is stored to prevent unauthorized access or theft.

However, we cannot completely guarantee the security of any Personal Information we may have collected from or about you, or that for example no harmful code will enter our website (for example viruses, bugs, trojan horses, spyware or adware). You should be aware of the various associated risks with using websites.

7.2 While we strive to protect your Personal Data, we cannot ensure the security of the information you transmit to us via the Internet or otherwise and we urge you to take every precaution to protect your Personal Data when you are on the internet or use such platforms.

7.3 If applicable, you undertake to keep your username and password secure and confidential and shall not disclose or permit it to be disclosed to any unauthorized person, and to inform us as soon as reasonably practicable if you know or suspect that someone else knows your username and password or believe the confidentiality of your username and password has been lost, stolen or compromised in any way or that actual or possible unauthorized transactions have taken place. We are not liable for any damages resulting from any security breaches, on unauthorized and/or fraudulent use of your username and password.

7.4 In the event of a personal data breach that is likely to give rise to a real risk of serious harm to affected data subjects, n90 shall notify the National Privacy Commission and the affected data subjects within seventy-two (72) hours from knowledge of, or reasonable belief that, the breach has occurred, in accordance with the DPA and its implementing rules. n90 has constituted a Data Breach Response Team, led by the DPO, responsible for the immediate investigation, containment, and response to personal data breaches and security incidents.

8. Data Transfer and Data Retention

8.1 n90 may transfer your Personal Information to entities located outside the Philippines, including affiliates, subsidiaries, and third-party service providers such as cloud service providers and electronic document execution platforms. n90 shall transfer your Personal Information outside the Philippines only where: (a) the transfer is necessary for a purpose permitted under the DPA; (b) n90 remains accountable for the personal data so transferred; and (c) the receiving entity is bound, by contract or other legally enforceable means, to afford the personal data a level of protection comparable to that required under Philippine law, including, where appropriate, through the use of model contractual clauses or other recognized transfer mechanisms.

8.2 n90 retains your Personal Information only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. The following illustrative retention periods apply to common categories of records:

  1. loan account records (including KYC and AMLA records): ten (10) years from the date of closure of the account or termination of the business relationship;
  2. credit application records for unfunded or rejected applications: five (5) years from the date of the last action on the application;
  3. accounting books of account and supporting documents: ten (10) years from the close of the taxable year, in accordance with the National Internal Revenue Code;
  4. employee records: five (5) years from separation from n90, or longer if required by labor and tax laws;
  5. marketing consents and communications records: three (3) years from withdrawal of consent or last interaction, whichever is later;
  6. CCTV footage: thirty (30) days, except where preserved for investigation of an incident or related legal proceedings; and
  7. website and application access logs: one (1) year from collection, or longer if required for security investigation.

Retention periods are counted from the termination, closure, or last activity of the relevant account or relationship, unless otherwise stated. Any third party that processes Personal Information on n90's behalf is required to dispose of the Personal Information in accordance with the agreed retention period under their engagement contract.

9. Contact Us

9.1 If you have any questions, feedback, requests, or complaints relating to your Personal Information or this Data Privacy Policy, you may contact n90's Data Protection Officer:

Head of Legal and Compliance / Data Protection Officer 

n90 Financing Corp. 10th Floor, Century Pacific Tower, 5th Avenue corner 30th Street, 4th Avenue, Bonifacio Global City, Taguig City, Philippines 

Email: hello@n90.asia

You may contact the Data Protection Officer if you wish to:

  1. raise any question or concern relating to your Personal Information or this Data Privacy Policy;
  2. exercise your rights under Section 6 of this Policy;
  3. withdraw your consent to any use of your Personal Information as set out in this Data Privacy Policy; or
  4. request access to, or correction of, your Personal Information records.

9.2 Please note that if your Personal Information has been provided to us by a third party (e.g. a referrer, or your company), you should contact that organization or individual to make such queries, complaints, and access and correction requests to n90 on your behalf.

9.3 If you withdraw your consent to any or all use of your Personal Information, depending on the nature of your request, n90 may not be in a position to continue to provide its products and services to you, administer any contractual relationship in place, which in turn may also result in the termination of any agreements with n90, and your being in breach of your contractual obligations or undertakings. n90’s legal rights and remedies in such an event are expressly reserved.

10. Links to Third-Party Website(s)

10.1 Our website or application system may contain links to other third-party operated websites over which we have no control over. We are not responsible for the privacy and/or data protection practices of such third-party operated websites that are linked to our website or application system. Once you have left our website by clicking a relevant link, your use of that third-party website will be governed by the privacy or data protection policy of that website.

11. Governing Law

11.1 This Data Privacy Policy and your use of this website shall be governed and construed in all respects by the laws of the Republic of the Philippines.