User Privacy Agreement

Scope and Basis of the Agreement

This Privacy Agreement (hereinafter referred to as the "Agreement") applies to your access or use of Sky Peso (hereinafter referred to as the "App"). DELISHA LENDING INVESTOR AND TRADING CORP. (hereinafter referred to as "we" or "our") is the operator of this App, conducting business legally and is committed to protecting the information collected from you. This Agreement explains how we regulate the collection, storage, use, and protection of personal data.

Please read this Agreement carefully before using the App. By using the App, you signify your acceptance of the information-handling practices described in this Agreement.

1. Types of Data Collected

Personal Data

• Identity Data: Includes your full name, images of valid government-issued IDs (such as driver's licenses, passports, UMID, TIN, etc.), facial recognition images, nationality, marital status, age, and applicable identification numbers. This information is crucial for us to identify you and ensures that the services provided to you are accurate and secure.
• Contact Data: Contains your phone number, email address, address, and social media accounts (which you can choose to provide). Through these contact details, we can communicate with you in a timely manner and offer you a high-quality service experience.
• Device Identification Data: Such as Android ID, device model, and operating system version. This data helps us better adapt the App to your device and ensures its stable operation on your device.
• Permission-Related Data: Images obtained through the camera permission (collected mainly for identity verification) and approximate location data (collected through the location permission for user-experience optimization and fraud prevention). We are well aware that this data involves your privacy, so we will strictly follow relevant principles when using it.
• Account and Financial Data: For example, your approximate income range, employment status, bank account information, and transaction history with us. This information is essential for us to provide you with personalized financial services.

Information from Third Parties

We obtain information related to you from credit reporting agencies and public sources within the scope permitted by law. This information will serve as an important reference for our credit assessment and fraud prevention to ensure that the financial services we provide to you are safer and more reliable.

2. Usage Data

Automatically collected data related to the use of this App, including but not limited to: the time you spend on each page within the App, the number of times the App is opened, loan application events, crash logs, diagnostic data, and network connection status (such as online/offline status and network type). By analyzing this data, we can continuously optimize the performance of the App and enhance your user experience.

3. Data Collection Methods

Personal data may be collected manually or automatically from various sources, such as your direct analysis of how to use the service and your interaction with the service, publicly available records or registries, government agencies, regulatory or law-enforcement agencies, third-party service interfaces. This data is only collected when you explicitly agree to the disclosure and use of your personal information.

4. Data Processing Methods and Locations

Processing Methods

We will process your data in a reasonable and necessary manner and take security measures to prevent unauthorized access, disclosure, modification, or loss. Data processing is carried out through computer systems and IT tools, following strict management procedures.

Except for us, only relevant operational personnel or authorized third-party service partners (such as communication and SDK providers) may access your data when it is necessary to provide services. We will also impose strict management and confidentiality requirements on them.

Processing Locations

Data is processed in the operational offices of the data controller and any other locations where the parties involved in the processing are located. For more information, please contact the data controller.

5. Purposes of Information Use

Identity Verification and Service Handling

• Use the images obtained through the camera permission to verify your identity (such as taking pictures of government-issued identity documents and conducting facial recognition) and complete the "Know Your Customer" (KYC) process.
• Process your loan applications, evaluate your loan eligibility, and complete loan-related services such as payment and repayment tracking.

Risk Prevention and Security Assurance

• Use location data to optimize the user experience, strengthen risk control, and detect potential fraudulent activities.
• Analyze network connection status to ensure service security, strengthen fraud prevention measures, and protect account security.

Service Optimization and Maintenance

• Analyze usage data, crash logs, and other information to improve the performance and stability of the App and optimize its functions and user experience.
• Analyze user behavior (such as in-app interaction data) to optimize product functions and the user experience, and carry out system management, service quality monitoring, and statistical reporting.

Compliance and Legal Matters

• Fulfill legal and regulatory obligations, such as anti-money laundering, anti-terrorist financing, and regulatory compliance requirements, or provide necessary data in response to legitimate requests from governments and judicial authorities.

Service Operation

• Manage your account, handle repayment matters, provide customer support, resolve disputes, and communicate with you regarding service-related issues.

6. Device Permissions for Accessing Personal Data

Sky Peso only requests necessary permissions when providing core services and strictly adheres to the principle of minimization:

• Camera Permission: It is only used for identity verification (taking pictures of identity documents and face recognition). All images are encrypted during transmission and stored securely, and will not be used for other purposes.
• Location Permission: It is used for risk assessment, fraud prevention, and improving the service experience. This permission is optional, and you can turn it off at any time in the device settings.
• Network Status Access: It is used to ensure the security and continuity of loan applications, disbursements, and account services, and to assist in detecting high-risk network access. We will not access or store data unrelated to your network activities.
• SMS Permission: It is only used to locally filter finance-related SMS snippets for credit scoring and fraud detection. These snippets are encrypted and transmitted to our secure server (https://ph.skypeso.com/) and will never be stored in full or used for any other purpose.
• App List Permission: It is only used to scan and encrypt finance-related installed-app information for anti-fraud checks and risk-model assessment. Only relevant app information is encrypted and uploaded to our secure server (https://ph.skypeso.com/). No unrelated app data is collected, accessed, or disclosed.

7. Principles of Information Sharing

We solemnly promise that we will not sell your personal information. We will only share your information with third parties in the following situations:

• With Your Explicit Consent: After obtaining your clear authorization.
• For Business Partners: When providing services, we may share data with partners who provide us with technical support, cloud storage, data analysis, payment processing, etc. We require them, through agreements, to use the data only when performing services on our behalf and to adopt equivalent security protection measures.
• Within the Group of Affiliated Companies: For the purpose of unified management and providing consistent services within our corporate group.
• Legal and Regulatory Requirements: To respond to legitimate requests from courts, government agencies, regulatory bodies (such as the National Privacy Commission NPC and the Anti-Money Laundering Committee AMLC).
• Business Transactions: In cases of company mergers, acquisitions, or asset sales, your information may be transferred to a new entity. We will ensure that it remains subject to this policy.

All data sharing is subject to strict contractual agreements to ensure that your data receives the same level of protection.

8. Data Retention and Deletion

Retention Period

Data will be retained for the time required to provide the services you request or to achieve the purposes described in this Agreement. Generally, personal data, registration records, and transaction records will be retained for up to five (5) years by third-party storage providers, or for the period required by the Philippine National Privacy Commission and applicable laws and regulations. The retention period may be extended if it is necessary to establish, exercise, or defend legal claims, for legitimate business purposes, or to comply with industry standards.

You can request us to suspend or delete your data at any time.

Data Deletion

• Active Deletion Request: If the data is no longer needed, the processing lacks a legal basis, the use is illegal, or you withdraw your consent, you can request the deletion of the data. You can apply for the permanent deletion of your account and related data through the "Account Deletion" function in Sky Peso (Path: My > Settings > Delete Account). We will process your request within 15 working days after submission.
• Special Situation Handling: If your account is involved in unsettled loans or ongoing legal disputes, the account deletion process will be suspended. We will notify you via in-app messages and emails. You can re-apply for deletion after the issues are resolved. After the account is successfully deleted, all personal data (such as identity information, transaction records, and biometric data) except for data required to be retained by laws and regulations will be permanently destroyed.
• Automatic Deletion: When the data exceeds the retention period or is found to be incomplete, outdated, false, illegally obtained, or used for unauthorized purposes, we will automatically suspend, block, delete, or destroy the data.

9. Data Security Measures

We are committed to maintaining a reasonable level of information security and implementing physical, technical, and organizational security measures to protect your data:

1. Physical Security: We take physical security measures for the places where paper files are stored to ensure the safety of hard-copy files.
2. Technical Security: We employ encryption technologies (e.g., using TLS 1.3 encryption for data transmission and encrypting stored data), firewalls, and isolated storage. Data is uploaded to a secure server (https://ph.skypeso.com/) that uses a firewall for storage, restricting data processing to an authorized system and disallowing unauthorized human access.
3. Organizational Security: Only qualified and authorized personnel can access personal data. We provide data security training to our employees, sign agreements with third parties requiring them to protect data according to our security standards, and conduct regular risk assessments to review and adjust security measures.

Although we have taken the above measures, there are inherent risks in Internet communication, and we cannot guarantee absolute data security. We will not be liable for violations caused by risks beyond reasonable control.

10. User Rights and How to Exercise Them

User Rights

According to applicable laws, you, as a data subject, have the following rights:

• Right to Know: You have the right to know how we collect, use, and share your personal information.
• Right to Correction: You have the right to request the correction of inaccurate or incomplete personal data.
• Right to Deletion: You have the right to request the deletion of your personal data when permitted by law.
• Right to Restrict Processing: You have the right to request the restriction of our data processing in specific situations.
• Right to Withdraw Consent: You have the right to withdraw your previous consent for the processing of your personal data at any time.

How to Exercise Rights

You can submit an application by sending an email to [email protected] or through the customer service channels in Sky Peso. The request should include your identity information and specific needs, and supporting materials may be required if necessary. We will reply to your request within 15 working days after receiving it. If an extension is needed, we will notify you in advance, and the extension period will not exceed 30 working days.

11. Agreement Updates and Notifications

We may update this Agreement according to changes in laws, services, or business operations:

• Major Changes: We will notify you at least 7 days before the changes take effect through in-app pop-ups, text messages, or emails. Your consent will be obtained if necessary.
• Minor Changes: We will announce the changes on this Application and our official website and update the "Last Revised Date".

By continuing to use the Application, you agree to the updated terms. If you do not agree, you can stop using the Application and request the deletion of your data.

12. Contact and Consultation

If you have any questions, concerns, requests (such as exercising data subject rights), or complaints about this Agreement, or if you need to know more detailed information about data collection and processing, you can contact us through the following official channels:

We will reply to all your inquiries within 10 working days after receiving your complete request (including necessary supporting documents).

13. Company Information

This Agreement is issued by DELISHA LENDING INVESTOR AND TRADING CORP., a legally registered and licensed financial institution in the Philippines that complies with relevant laws and regulations. The specific company registration information is as follows:

• Company Name: DELISHA LENDING INVESTOR AND TRADING CORP.
• SEC Registration Number: CS201309137
• Authorization Certificate (issued by the Securities and Exchange Commission): 1467