Data Privacy Policy

Last Updated: 2025-06-23

PHILIPPINES VASTNESS LENDING CORPORATION (hereinafter referred to as "we" or "us") and its online credit App Vplus ("we") place great importance on the security and protection of users' personal data. This Privacy Policy explains how we collect, use, and protect your personal information when you register, use the App's services, or apply for credit.

Please read this policy carefully before using the App. Your registration or use of the App constitutes your consent to all terms of this policy. If you disagree, please do not access or use the App. You also confirm that you have reached the legal age and have full legal capacity.

1. Company Information Disclosure

  • Company Name: PHILIPPINES VASTNESS LENDING CORPORATION
  • SEC Registration Number: CS201918401
  • Business Financing/Loan (CA) Authorization Certificate Company Number: NO.3158
  • Company Address: Soho Unit 314 3rd floor Avida Cityflex Towers BGC, 7th Avenue, North Bonifacio Global City Taguig NCR 1635

2. Who Will Process Your Data

2.1 Data Controller

PHILIPPINES VASTNESS LENDING CORPORATION (“we” or “us”): As the operator of this App, we determine the purposes and methods of processing your personal data, and bear ultimate responsibility for its security and compliance.

2.2 Data Processors

Includes internal departments or subsidiaries of Vplus, such as IT, customer service, and risk control, handling system maintenance, customer support, and credit assessment.

2.3 Third-Party Service Providers

Data Storage Providers, payment settlement, SMS/email notifications, anti-fraud and credit reporting, etc.

2.4 Legal and Regulatory Disclosures

We may be required to disclose your personal data to courts, financial regulators, or other legally authorized bodies as required by applicable laws and regulations.

3. Principles & Legal Basis of Data Processing

3.1 Data Processing Principles

  • Lawfulness, Fairness, and Transparency: Data processing is conducted for clear and legitimate purposes, in a fair and just manner, with full disclosure of data handling rules and processes.
  • Data Minimization: We collect only the minimum personal data necessary to achieve the stated purposes.
  • Purpose Limitation: We use your data solely for the specific, explicit, and legitimate purposes stated at the time of collection and do not further process it in a manner incompatible with those purposes.
  • Accuracy: Take measures to ensure the accuracy of collected personal data and support your requests to correct erroneous information.
  • Security Safeguards: We protect data security through technical and administrative measures to prevent unauthorized access, disclosure, or damage.

3.2 Legal Basis for Data Processing

  • User Consent: We obtain your explicit consent in advance for collecting sensitive information or data beyond basic service needs (e.g., by checking agreements, pop-up confirmations).
  • Contract Performance: Necessary personal data processing to fulfill service contracts with you (e.g., credit applications, account management) to complete transactions or provide services.
  • Legal Compliance: Data processing in accordance with the requirements of relevant laws and regulations for business development.
  • Legitimate Interests: Processing based on our or a third party's legitimate interests, such as security audits or fraud prevention, provided it does not override your rights and freedoms.

4. Information We Collect

4.1 Personal information

  • Identity information: name, date of birth, legal identity documents (e.g., ID card/passport), address, gender, marital status, contact information (phone number, email address).
  • Account information: mobile phone number, verification code, device identification code, and login logs.

4.2 Biometric information

  • Facial-scan biometric data.

4.3 Work information

  • Employer name, contact information, position, years of work, income status.

4.4 Financial data

  • Bank account information, credit card status, salary status.

4.5 Personal contacts

Collected after authorization: some contact information in the mobile phone address book and the relationship with you.

4.6 Information collected during service usage (collected after authorization)

  • Device Information: Device model, operating system and version, device language, system time zone, screen resolution, etc.
  • IP Address
  • App Usage Logs
  • Cookies and Similar Technologies
  • Permissions-Based Data (With User Authorization): Camera Permission, Memory Permission, Location Information.

5. How We Collect and Purposes of Collection

5.1 How We Collect Data

  • User-Provided Data: We collect information when you register, fill out forms, or interact with our App.
  • Automated Data collection: We automatically gather data through technologies like cookies and logs.

5.2 Purposes of Collection

  • Identity Verification & Compliance: verify your identity and comply with anti-money laundering, fraud prevention, and regulatory obligations.
  • Service Provision & Account Management: Enable and manage your account, process loan applications, execute transactions, and send important notifications.
  • Credit Assessment & Risk Management: Assess your creditworthiness, repayment capacity, and identify potential risks.
  • Customer Support & Communication: Respond to inquiries, handle complaints, provide personalized services, and gather user feedback.
  • Product Improvement & Marketing: With your explicit consent, improve product features, enhance user experience, and conduct targeted marketing.

5.3 Data Collection After Authorization

  • Camera Access: Used to capture ID photos, selfies, or perform facial recognition for identity verification.
  • Memory Access: Temporarily stores app data or images locally to ensure smooth operation and improve user experience.
  • Location Access: Your location data helps with identity verification, fraud prevention, and risk assessment.
  • Device Information: We collect Android ID, device status, and system versions to help with device profiling, risk control, and account protection.

6. Data Storage & Retention

6.1 Storage Location

All data is stored on secure servers at https://vplusapp.vastness-ph.com.

6.2 Retention Period

  • Identity verification and transaction records: Retained for 5 years as per AML regulations.
  • Account data and service logs: Retained for 6 months after account closure.
  • Data Anonymization: Data beyond retention periods is permanently deleted or anonymized to prevent personal identification.

7. Data Protection Measures

7.1 Encryption

Sensitive data is encrypted both during transmission and at rest to prevent unauthorized access.

7.2 Access control

We strictly limit the access rights of internal personnel, and only authorize necessary personnel to handle data.

7.3 Security audit

We regularly conduct security audits and vulnerability assessments to identify and reduce potential risks.

7.4 Employee training

Our employees regularly receive training in data protection and privacy practices to ensure they handle your information securely.

7.5 Data integrity

We take measures to maintain the integrity of your data and prevent unauthorized changes or deletions.

8. Your Rights as a Data Subject

You have the following rights to your personal data:

  • Access & Copy: You can obtain a copy of the personal data we hold about you.
  • Rectification: You can correct inaccurate or incomplete information.
  • Erasure: Within the scope of the law, you can apply to delete data.
  • Restrict Processing: You can request to suspend the processing of data.

For more details, contact our support team via the App or at customer.support@vastness-ph.com. All requests will be handled within the legally required timeframe.

9. Protection of Minors

Our services are intended for users of legal age only. We do not knowingly collect personal data from minors under 18. Any such data will be promptly deleted.

  • Age Restriction: We do not knowingly collect or process personal data from minors under 18.
  • Data Removal: Contact us to delete data if a minor submits information without authorization.

10. Policy Updates

We may amend this Privacy Policy from time to time and will notify you in-app or by email/push. Changes take effect upon posting; your continued use constitutes acceptance.

11. Inquiries & Contact

For any questions or to exercise your data principal rights, please contact:

We're here to help—reach out for any questions or rights requests.