Privacy Policy

I. PRIVACY POLICY

MESALA values the privacy and confidentiality of the personal data and account information of its customers and other data subjects. Accordingly, MESALA ensures that these personal data and account information are lawfully processed in faithful compliance with the requirements provided under the Data Privacy Act, its implementing rules and regulations, other regulatory issuances and applicable covenants, data protection policies and best practices.

In line with this, MESALA shall adhere to the data privacy principles of transparency, legitimate purpose and proportionality in the processing of the personal data and account information of its customers and other data subjects and accordingly guarantee, in the course of its business and operations, that:

1. A. MESALA’s data subjects understand the nature, purpose, and extent of the processing of their personal data, including the risks and safeguards involved, the identity of personal information controller, their rights as a data subject, and how these can be exercised.
2. MESALA’s processing of personal data is compatible with a declared and specified purpose which must not be contrary to law, morals, or public policy.
3. MESALA’s processing of personal data is adequate, relevant, suitable, necessary, and not excessive in relation to a declared and specified purpose.

More importantly, MESALA shall commit to strengthen its organizational, physical, and technical security measures for the protection of personal data in order to maintain the availability, integrity, and confidentiality of personal data and account information and protect these data from any accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing. MESALA shall ensure that the measures are implemented to protect personal data against natural dangers such as accidental loss or destruction, and human dangers such as unlawful access, fraudulent misuse, unlawful destruction, alteration and contamination.

II. PERSONAL DATA COLLECTED BY MESALA

MESALA shall collect personal data and account information pursuant to, in the course of, or incidental to the conduct of, its business and operations, including any data voluntarily provided by the data subjects, collected from publicly-available sources, or gathered from, or validated with, third parties such as government agencies, regulators, tax authorities and judicial and quasi-judicial bodies. Specifically, these personal data and account information may include data:

1. From members
   1. Data provided when filing out and/or submitting MESALA forms such as Membership Application Form, Loan Application Form, Deposit or Withdrawal Form, and other forms and supporting documents relating to MESALA products, services, or investments, including, but not limited to, name, birthdate, employment information, contact information, government-issued identification cards, family or customer’s representative information, specimen signature, and disclosure on politically exposed persons;
   2. Information provided when interacting or doing business with MESALA trustees, officers, employees, consultants, and other personal information processors in relation to MESALA products, services, or investments, including voice recordings of telephone conversations, closed circuit television (CCTV) images and audio-visual recordings taken in MESALA premises, and transaction details with third party merchants;
   3. Data collected when using MESALA products and services through online or technology platforms like MESALA website or when relaying queries or concerns regarding MESALA, its business or operations;
   4. Information generated in the ordinary course of business such as customer-profiling, market research and cross-referencing, and data validation with third parties;
   5. Information received by and/or disclosed to MESALA pursuant to the requirements of Anti-Money Laundering Act (AMLA), Credit Information System Act, applicable rules and regulations of the Bangko Sentral ng Pilipinas, and other pertinent regulations;
   6. Data gathered in connection with any investigation, litigation or inquiry relating to the customer.
2. From trustees, officers and employees as well as on-the-job trainees:
   1. Information submitted to MESALA when applying for work or training as well as those collected during the processing of employment or training application such as results of character investigation and pre-employment medical assessment;
   2. Information gathered and maintained during data subject’s employment including  payroll information, government mandated and third party remittances like SSS, PhilHealth, and Pag-IBIG membership and contributions, taxes, bank account information; wages; entitlements and benefits; medical and dental care records; beneficiaries and dependents; emergency contact information; training and certifications; performance evaluation; sanctions; employment changes and work history;
   3. Data provide on the employee’s dependents and/or beneficiaries relating health maintenance plan, insurance claims, or profiling;
   4. Information retained by MESALA after separation from service such as pension information, retiree eligibilities and other benefits, bank account information, addresses, beneficiaries, and contact information.
3. From business partners
   1. Information submitted to MESALA in the application for and management of vendor accreditation and renewal thereof;
   2. Data collected and maintained pertaining to the vendor, contractor, consultant or other business partner and its employees in relation to the preparation, execution, or fulfillment of its contract with MESALA;
   3. Information submitted by the vendor, contractor, consultant or other business partner and its employees in order to gain access to, or perform their services or deliver their products within the premises of MESALA.
4. From other Third Parties
   1. Data pertaining to third parties gathered by virtue of a legal claim or demand or in connection with MESALA products, services, programs and events;
   2. Information provided to MESALA by government agencies, regulators or public officers and employees in the performance of their lawfully mandated duties;
   3. In general, information collected or provided relating to MESALA’s business or operations, including those intended for market research and data analytics.

III. PURPOSES OF PROCESSING THE PERSONAL DATA 

MESALA shall ensure that it processes personal data and account information of its data subject fairly, lawfully and in a manner compatible with declared, specified and legitimate purpose such as, but limited to the following: 

1. For members
   1. To establish and manage business relationship with the customer and administer customer account with MESALA. MESALA may process personal data and account information to evaluate membership application, facilitate the delivery of products, performance of services or management of investments and/or enable activities related to MESALA’s business and operations including those performed by its personal information processors. This covers processing of loan applications and deposit transactions, management of capital contributions, availment of other MESALA products, services, investments and programs, verification of customer identity when accessing or using the account through the various customer touch points, and performance of protective measures to safeguard against fraud and other improper use or abuse of MESALA products, services and investments.
   2. To improve the quality of customer experience. MESALA processes personal data and account information:
      1. to respond to customer request, concern or complaint;
      2. to understand customer needs or preferences as indicated in the use of MESALA products, services and investments, participation in customer surveys and research activities, and customer browsing behavior in MESALA websites;
      3. to provide the customer pertinent information on MESALA products, services, investments or any other programs or promotions that may be useful or of interest to him/her; and
      4. to perform profile analysis, modeling and analytics to better understand needs, preferences and market trends for the development of more suitable products and services;
   3. To comply with operational, audit, administrative, credit and risk management processes, policies and procedures, the terms and conditions governing products, services, facilities and channels, the Bangko Sentral ng Pilipinas rules and regulations, legal and regulatory requirements of government regulators, judicial, supervisory bodies, tax authorities or courts of competent jurisdiction, as to the same may be amended or supplemental from time to time;
   4. To comply with applicable laws of the Philippines and those of other jurisdictions, the laws on the prevention of money laundering including the provisions of Republic Act No. 9160 (Anti-Money Laundering Act of 2001), as amended;
   5. To comply with legal and regulatory requirements such as submission of data to credit bureaus, credit information companies, the Credit Information Corporation (CIC) (pursuant to RA No. 9510 and its implementing rules and regulations) responding to court orders and other instructions and requests from any local or foreign authorities including regulatory, governmental, tax and law enforcement authorities or other similar authorities.
2. For applicants, employees and retirees as well as on-the-job trainees
   1. To evaluate, process or otherwise handle employment application or training request. This includes determination of eligibility or qualification for the position and/or compliance with specific employment or training requirements, conduct of background investigation, validation of submitted documents, assessment of employment history, and interview of character references;
   2. To manage employer-employee relations or training. MESALA processes data to handle all aspects of employment or on-the-job training. This includes:
      1. maintaining and updating all personal records to enable MESALA to administer pay, salary deductions, employment-related entitlements, and benefits including those pertaining to the employee’s dependents or beneficiaries and for any other purpose that would facilitate operational or administrative efficiency;
      2. conducting performance reviews and merit system;
      3. providing appropriate training and/or developmental interventions including membership with professional or industry organizations; 
      4. monitoring employee performance, use of company resources, and compliance with MESALA policies, guidelines and internal rules and procedures including those pertaining to employee conduct;
      5. conducting internal investigation and/or administering disciplinary action and sanction.
   3. To enforce, defend or otherwise administer legal claims or obligations arising from employment contract or training relationship. This includes any processing aimed to comply with applicable statutory and regulatory requirements and submissions or address any work or labor-related claims such as worker compensation and insurance claims. 
   4. To promote employee or on-the-job trainee welfare, health, safety, and security. MESALA processes data to implement health, safety, and security policies and programs, improve employee engagement, and maintain safety and security in the workplace and in all business operations including investigation and resolution of any breach thereof.
   5. To maintain post-employment relationship relating to pension, retiree eligibilities and other benefits.
3. For Vendors, Suppliers or Contractors, and Consultants and their employees
   1. To establish and/or maintain business relationship. This includes evaluation of vendor accreditation, determination of eligibility to conduct business with MESALA, monitoring of contract performance, enforcement of legal and contractual obligations arising from, or incidental to, such business relationship, facilitating the payment for the products or services; and compliance with statutory, legal, and regulatory requirements related to our business;
   2. To monitor and/or control entrance to, or exit from, and activities within, MESALA premises.
4. For Other Third Parties
   1. To pursue legal claim or defense involving MESALA, or its trustees, officers, employees, and representatives in relation to the performance of their duties for MESALA;
   2. To comply with legal, regulatory, or contractual obligations;
   3. To assist public authorities in the performance of their functions or in further government policies, programs and initiatives;
   4. In general, to pursue MESALA business and other legitimate interest.

IV. DATA DISCLOSURE

MESALA commits to protect personal data and account information from unauthorized disclosure including cross-border transfer. As such, such data and information may be disclosed in order to pursue the above purposes to the following but only to the extent necessary and through secure means: 

1. Employees, Authorized Representatives, Trainees, and Consultants

   • MESALA employees, trainees and consultants commit to observe the applicable privacy policies and corresponding data security measures. Authorized Representatives and Consultants are required to sign a Non-Disclosure Agreement (NDA) and/or Data Privacy agreement/commitment to ensure that they process the data confidentially in a manner consistent with the purpose of their employment or engagement.

2. Vendors, Contractors, and other Business Partners, including Auditors
   • Contractors, subsidiaries, and business partners, through a Data Processing Outsourcing and/or Non-Disclosure Agreement (NDA), are obliged to secure and keep personal data and account information confidential. Business partners include, but are not limited to, the following:
     1. MESALA counterparties and their respective banks relative to account transactions including fund transfers, payments, issuance of standby letters of credit, banker’s guarantees or letters of undertaking and drawing of checks;
     2. Third party service contractors providing administrative or operational services to MESALA, such as courier services, telecommunications, information technology, payment, payroll, processing, training, market research, storage, archival, customer support investigation services or other services to MESALA;
     3. Agents, contractors, vendors or other third-party service providers in connection with products and services offered by MESALA;
     4. Professional advisers such as external auditors and lawyers;
     5. Surveyors or valuers or other third parties in relation to assets to be charged or mortgaged to MESALA;
     6. Collection and repossession agencies in relation to the enforcement of repayment obligations for loans; 
     7. Financial institutions, brokerage houses, clearing houses, depository, depository agents, managers, administrators, fund houses, registrars, custodians, external banks, the Bangko Sentral ng Pilipinas, nominee banks and investment vehicles in relation to asset management and investment product settlement processing.
3. Other Third Parties

Disclosure shall be subject to strict compliance with this Policy, and if applicable, with a Data Processing Outsourcing and/or Non-Disclosure Agreement (NDA) when made to person to whom MESALA is under an obligation or otherwise required to make disclosure under the requirements of any law binding on or applying to MESALA, or any disclosure under and for the purposes of any guidelines or guidance given or issued by any legal, regulatory, governmental, tax, law enforcement or other authorities, or self-regulatory or industry bodies or associations of financial services providers with which MESALA is expected to comply, or any disclosure pursuant to any contractual or other commitment of MESALA with local or foreign legal, regulatory, governmental, tax, law enforcement or other authorities, or industry bodies or associations of financial services providers, all of which may be within or outside the Philippines and may be existing currently and in the future.

V. DATA SHARING

VI. OTHER FORMS OF COLLECTION AND PROCESSING

1. AUTOMATIC COLLECTION OF INFORMATION AND COOKIE POLICY
   • MESALA may automatically receive and record information on its server logs from the data subject’s browser whenever the latter interacts with MESALA website or other electronic services. Cookies are small text files placed or stored in the data subject’s computing or other electronic devices which allow personal information controllers like MESALA to remember the data subject or other data about him/her including the amount of time spent, number of views made, IP address of the data subject’s device, and the browser and operating system used. Cookies placed by MESALA server shall only be readable by MESALA, and cookies cannot access, read or modify any other data on an electronic device.

   • To ensure transparency, MESALA shall inform the data subjects of its cookie policy and allow them to accept or decline cookies or modify the browser setting to limit the automatic data collection. If allowed, the processing of these data shall be for the purpose of enhancing customer experience and supporting website requirements. 

2. LINKS TO OTHER WEBSITES
   • MESALA website may contain links leading to other websites not covered by this Privacy Policy. MESALA shall not be responsible for the protection and privacy of any personal data that other personal information controllers may collect, store, or process through their website.
3. LOGS COLLECTION
   • Personal data may also be collected for auditing and security purposes by MESALA’s secured logging processes when accessing its systems and/or premises

VII. INFORMATION SECURITY

MESALA shall take due diligence to ensure the integrity, confidentiality, availability, and security of the personal data and account information by implementing reasonable organizational, physical, and technical security measures in the processing of such data including the use of secure servers, firewalls and security controls and regular conduct of audit and testing of its privacy and security protocols. These data privacy and security measures shall be embodied in a Privacy Manual and other internal guidelines, rules and procedures.

VIII. PERSONAL DATA RETENTION AND DISPOSAL

MESALA shall keep the personal data only for as long as necessary: 

1. for the fulfillment of the declared, specified, and legitimate purposes provided above, or when the processing relevant to the purpose has been completed or terminated; 
2. for the establishment, exercise, or defense of legal claims; or
3. for other business purposes, that are consistent with standards established or approved by regulatory agencies governing MESALA.

Thereafter, said personal data shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.

IX. DATA SUBJECT RIGHTS

MESALA shall recognize the following rights of the data subjects as provided under the Data Privacy Act and its implementing rules and regulations:

1. To be informed if their data is being processed or has been processed, what data is being processed, and for what purposes;
2. The right to reasonably demand access to their data;
3. The right to object or withhold their consent to the processing of their data;
4. The right to correct or rectify any inaccuracy or error in their data;
5. The right to block or erase their data if it is proven to be incomplete, outdated, unlawfully obtained, or used for unauthorized transactions.
6. The right to file a complaint with the National Privacy Commission if their personal information has been misused, maliciously disclosed, or improperly disposed, or that any of their data privacy rights have been violated;
7. The right to damages sustained from inaccurate, incomplete, outdated, false, unlawfully-obtained data as well as damages from unauthorized uses of their data; and
8. The right to data portability or obtain and electronically move, copy or transfer their data in a secure manner, for further use.

MESALA shall afford the data subjects relevant contact information and access to its platforms and media channels through which the data subject may fully exercise said rights. In complying with the exercise of said rights, MESALA may impose a charge or fee for processing of any request/s for access and/or update depending on the nature and complexity thereof. In such case, prior notice on the processing fee shall be made available to the data subjects prior to making the request.

X. DATA SUBJECT OBLIGATIONS

Data subjects shall have the following obligations:

1. Protect their personal information. 
   

   The data subjects shall be responsible for the privacy and security of their data which are exclusively under their control or possession.  Appropriate measures should be taken by the data subject to ensure that any medium or device used to transact with MESALA is secure and not accessible to anyone without permission.

2. Report any data breach, security incident or concern.
   The data subjects shall be responsible for immediately informing MESALA of any data breach, security incident or concern affecting the integrity, availability or confidentiality of the data to enable MESALA to respond appropriately and expeditiously and prevent further damage or breach.