PRIVACY STATEMENT #
M LHUILLIER is committed to fully uphold, respect and protect your personal data privacy in accordance with Republic Act No. 10173 (the Data Privacy Act of 2012 or DPA), its Implementing Rules and Regulations (IRR) and other applicable laws of the Republic of the Philippines governing privacy of individual personal information and of communication.
We performed the processing of your personal data in a detailed manner as expressed in our privacy notices in both electronic and manual processing.
M LHUILLIER assures you that upon processing your personal data, we follow the provisions of DPA, especially the general data privacy principles of Transparency, Legitimacy of its Purpose and Proportionality.
PRIVACY NOTICE #
M LHUILLIER official website https://mlhuillier.com/
OUR PRODUCTS AND SERVICES #
Car Loan
Home Loan
Insurance
Jewelry
Kwarta Padala
MCash
ML ShopSafe
ML Express
ML Moves
ML Payroll Pro
Money Changer
Quick Cash Loans
Telco, Gaming & TV Loading
OUR DATA SUBJECT #
Financial and non-financial Customers and their beneficiaries, where applicable
Tie-Up Partners and Corporate Partners' and Remittance Sub-Agents' Individual Stockholders, Directors, Senior Officers, Beneficial Owners and other Stakeholders, who are natural persons and their customers;
Suppliers and/or their authorized representatives
Job Applicants
Employees and their beneficiaries
Project-Based / Seasonal Employees
Interns / OJT
Individual Consultants
WHAT WE COLLECT AND PROCESS #
Depending on our relationship and/or the products or services availed or will be availed from us, we collect and process the following personal data such as:
Personal Information (any information from which the identity of an individual is apparent of can be reasonably and directly ascertained, or when put together with other information would directly and certainly identify an individual).
Sensitive Personal Information (information about an individual's race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations, health, education, genetic or sexual life, proceeding for any offense committed or alleged to have been committed by an individual, government issued IDs and those established by an executive order or an act of Congress to be kept classified) such as but not limited to the following:
Name
Address
Date and place of birth
Nationality
Civil status
Gender
Contact details
Identification card/document
Photograph
Specimen signature or biometric of the person
And when or where necessary: #
Nature of Work or Activity
School
Source of Income
Link, which refers to either relation or connection to a party or the other party to the transaction, where applicable
Moreover, M Lhuillier may collect other personal data that are relevant and necessary to demonstrate its obligation of providing a better assistance to the data subject.
WHY WE COLLECT AND PROCESS #
In processing your personal ddata, your consent is important to us, however, we may also process personal data in accordance with Section 12 or Section 13 of the DPA.
As non-bank financial institution, regulated by the Bangko Sentral ng Pilipinas (BSP), we collect your information....
To establish, identify and confirm or verify the identity that you represented or hold out to M Lhuillier.
To process your transaction/s for or application/s of a product or service.
To assist you of your inquiries, concerns or even complaints.
To comply with any legal and regulatory obligations as mandated by the BSP, the Anti-Money Laundering Council (AMLC) and other regulatory bodies.
We also collect your information... #
To understand your need better and to protect your interest and your transaction.
To make sure that the data we hold about you is correct and up-to-date.
To inform you about our new offer/promotions of products and services and to tailor the delivery of our marketing campaigns.
HOW WE COLLECT AND PROCESS #
We require you to fill up forms or obtain your information in any electronic means and request submission of your identification document to avail of our products and services and other applications (for employment or tie-up agreement).
If you contact us via telephone or customer service hotlines or via websites or thru social media sites to request information about our products and service
M Lhuillier also collects your information from people acting on your behalf/or duly authorized representative.
Your personal data may be processed manually and /or electronically.
M Lhuillier collects personal data only for predefined and lawful purposes.
HOW WE USE, STORE, RETAIN AND DISPOSE #
M Lhuillier uses your personal data to process your transaction, to carry out our obligations to our licensing government institution/s, and to you, as part of our agreement, and to maintain and manage your records with us.
When we contact/send you communication about the transaction/product or services you availed of.
When we use your information to comply with our legal obligations with regulatory or law enforcement bodies.
We store, maintain and retain your personal data in a secured and safe environment for a period of five (5) years from your last transaction and contact with us, and for as long as required by AMLA, BSP rules, and relevant laws and regulations.
For job applicants, who did not qualify or pursue their employment, application records are retained for approximately six (6) months to one (1) year.
We may keep your information longer than indicated if deemed necessary for legal, regulatory, or technical reasons.
We may also keep it for research or statistical purposes. If we do so for these reasons, we make sure that your privacy is protected and only use it for such specified purposes. The company is committed to taking good care of your personal data with stringent security measures in place.
We dispose of it/them in a secure manner through shredding and/or anonymization and deletion of data where applicable, and after clearance from proper department within the company. We will ensure that the personal information shall no longer be retrieved, processed, or accessed by unauthorized persons once disposed.
WHO DO WE SHARE YOUR PERSONAL DATA WITH #
M Lhuillier discloses or shares your personal data only as required by law, rules, or legal arrangements. This may include affiliated companies, remittance and business partners that support our operations, financial and legal consultants, and government authorities, when necessary under data sharing or outsourcing agreements, or through legal processes. The extent of data sharing is strictly limited to what is necessary for specific purposes, such as identity verification, transaction processing, fraud prevention, compliance checks, or customer support. All data sharing is governed by contracts or agreements that include clear privacy and security obligations. M Lhuillier ensures that all disclosures are permitted under Section 12 or 13 of the Data Privacy Act of 2012
KNOW ABOUT YOUR RIGHTS #
1. Right to be informed. To be informed as to reason of collecting, processing, use and storing of your personal data.
2. Right to object on how your information was used. To object to the use of your information for legitimate interests including automated processing or profiling and direct marketing. However, doing so may disallow M Lhuillier to provide you with the service requested, or with the appropriate advice needed. Except that processing of data pursuant to a subpoena, when necessary or desirable in the context of an employer-employee relationship, or as a result of legal obligation, where consent of customer is not necessary.
If you wish, M Lhuillier may stop sending you marketing messages tailored to your need. However, you might still see some general marketing messages from us, but these won't be targeted to you. In any event, such promotional email or SMS communication contain instructions on how to unsubscribe.
3. Right to access your information. To ask M Lhuillier for a copy of any information we hold of you. This is called a Data Subject Access Request (DSAR). This will also help M Lhuillier to ensure and maintain the accuracy of the information collected and being used.
4. Right to rectification. To ask M Lhuillier to correct your information held by it that you feel inaccurate or incomplete or both. M Lhuillier will immediately and accordingly act on it unless it finds the request unreasonable.
M Lhuillier will cause the rectification or updating of your data to the organization whom it shared your personal data with.
5. Right to data portability. To obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
6. Right to Erasure or Blocking. To suspend, withdraw or order the blocking, removal or destruction of your personal data. You can exercise this right upon discovery and substantial proof that your personal data is incomplete, outdated, false, or unlawfully obtained or used; or where the right to use retention of what is otherwise proper, true and correct, has already ceased/expired.
M Lhuillier will update its data sharing and outsourcing agreement, if any, and where applicable, to effectuate this right and be consistent with this obligation.
7. Right tobe indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of, personal data.
8. Right to complain. You may seek assistance from any of M Lhuillier's branch personnel, customer care hotline, or through the contact information provided herein.
Please note that our opinion pertaining to your request may differ for any legal, regulatory or technical issues.
LIMITATION OF RIGHTS #
The preceding rights in relation to processing of your personal data shall not apply if such is being used for the purpose of scientific/statistical research, or investigations in relation to criminal, administrative or tax liabilities that you are involved with and provided that M Lhuillier only processes the same when it is deemed necessary to the minimum extent, to achieve the purpose of research and or investigation.
CONFIDENTIALITY AND SECURITY #
M Lhuillier implements reasonable, appropriate and adequate organizational, physical and technical security measures, to maintain the availability, integrity and confidentiality, and for the protection of personal data collected, processed and stored against any accidental or unlawful destruction, alteration, disclosure and processing.
Technical security measures include encrypting personal data both in transit and at rest, and enforcing password protection with multi-factor authentication. Access is controlled through least-privilege and just-in-time protocols. Servers and desktops are secured with firewalls, antivirus software, and regular updates, while administrator access is limited. Continuous monitoring of server logs and regular vulnerability assessments and penetration testing (VAPT) are conducted to detect and address potential threats.
Organizational security measures include implementing a clear-desk policy, securing paper files under lock and key, restricting access to authorized personnel only, and shredding documents upon disposal. Company-wide awareness is promoted through regular training, integration of privacy practices in HR, alignment with NPC guidelines, and the development of a Privacy Manual. Additional measures include maintaining data processing inventories, conducting Privacy Impact Assessments (PIAs), and appointing a Data Protection Officer (DPO) and Compliance Officers for Privacy (COP).
Physical security measures include the use of CCTV with proper warning signage, locks, and padlocks. Workstations are secured with fire extinguishers, which are in place for safety. These controls help protect personal data and critical assets from unauthorized physical access or damage.
Moreover, M Lhuillier makes sure that adequate policies are in place to ensue appropriate security incident management in compliance with the existing NPC policies, circulars, and other issuances. In addition, it also makes sure that only authorized personnel shall have access on your personal data: that there is proper orientation and training program for employees, agents or representatives, regarding privacy and security policies and as regards the extent of their obligations thereunder.
CHANGES TO THE PRIVACY NOTICE and/or STATEMENT #
M LHUILLIER reserves the right to update/amend/revise this privacy notice and/or statement at any time to make sure it is up to date and will provide a new policy notice and/or statement whenever there are significant changes.
CONTACT US #
For concerns about our products and services:
📧 customercare@mlhuillier.com
📞 0947-999-0337/ 0522/ 2721/ 2472/ 0917-871-2973
For concerns about Data Privacy:
📞(032) 380-3000
To Request Assistance and Complaint Form
TO KNOW MORE ABOUT R.A. 10173 or DPA and its RIRR, please visit the website of the National Privacy Commission (https://www.privacy.gov.ph)
DPO (Data Protection Officer) | DPS (Data Processing System) #
