DATA PRIVACY (Privacy Policy)

1. This policy applies to the personal information we collect on the Service. This does not apply to any non-personal information or any information collected by any third party. In accordance with this Policy, “personal information” means information that can be used to identify any individual directly or indirectly. Moreover, if you are a Buyer, we may collect Buyer data either directly from you or from a user using our payment processing services.

2. Personal Information we collect. Personal information that you voluntarily provide to MySellF.

3. When you register an account, we require you to provide us with certain personal information about yourself. This includes, but is not limited to, your first and last name, email address, and your company name. As part of the account registration and verification process, we may also request certain other information from you, such as your phone number and your company's taxpayer identification number, as well as documents containing personal information about you. These documents include, but are not limited to, a government-issued identity card, including a photo ID and signature, bank statements, proof of income, documentation confirming the legal existence of your business and its beneficial owners and principals, bank statements and relevant banking information, as well as other financial documents to confirm your identity and valuation the risk associated with your business. Even if you access and use the Service without registering an account, you can provide us with certain personal information about yourself (for example, you can subscribe to our newsletter or respond to invitations to events). The collection of this information is necessary to ensure the functionality of the Service and/or to comply with applicable laws and regulations related to the products offered by the Service.

4. If you are a Buyer, then when you make a payment through a user's website or application in connection with a transaction, we receive certain Buyer data. Buyer data may include: Name and surname; Physical and/or postal address; Financial information, including, but not limited to, credit or debit card numbers or bank account information; Email address; Phone Number. The collection of this Buyer data is necessary to ensure the functionality of the Service (mainly for processing transactions) and/or to comply with applicable laws and regulations related to the products offered by the Service. We may use Buyer data for the following purposes:

(1) providing and improving services;

(2) internal use, including, but not limited to, data analytics and metrics, provided that such Buyer data has been anonymized and combined with other Buyer data;

(3) compliance with applicable legal requirements and assistance to law enforcement agencies by responding to disclosure requests in accordance with applicable law;

(4) any other purpose for which the Client has provided consent.

5. These Buyer data may be transferred to other persons in the future. To process the transaction, we may also provide data to the merchant you choose to make the transaction, this Buyer data, with the exception of your financial information (only the following card data will be provided: (1) the last four digits of the card; (2) the brand of the card; and (3) the country of issue of the card).

6. Please read the privacy policy of the seller with whom you have decided to conclude a transaction to learn more about their processing of your Buyer data.

7. MySellF also offers UX features for you as a Buyer, which include card storage.

8. By agreeing to save the card data for future use, you, as a Buyer, agree to the storage of your card number, expiration date and CCV/CVVV (“Card Data”) using our card storage system. As for your CCV/CVV certificate, this data will be saved only for processing your payment. If your payment is successful, your CCV will be deleted immediately. If your payment is not processed, your CCV/CVV code will be deleted within twenty-four (24) hours after that. We use world-class security standards (PCI-DSS compliant) for card processing, which guarantees the safety of your card data. We will also use secure and tokenized user data to access your card data.

9. Data Controller represents, warrants and undertakes that:

9.1. It has obtained the specific consent of the data subjects to the Data Sharing; and

9.2. The data subjects have been provided the following information before the data is shared:

9.2.1. Identity of the personal information controllers or processors that will be given access to personal data;

9.2.2. Purpose of the data sharing;

9.2.3. Categories of personal data concerned;

9.2.4. Intended recipients or categories of recipients of the personal data;

9.2.5. Existence of their rights as data subjects, including the right to access and correction, and the right to object; and

9.2.6. Other information that would sufficiently notify the data subject of the nature and extent of data sharing and the manner of processing.

9.3.Data Processor represents, warrants and undertakes that:

9.3.1. It shall at all times comply with the requirements of the R.A. 10173 or the Philippine Data Privacy Act of 2012 (PDPA) and all other applicable data privacy laws and regulations;

9.3.2. It shall implement such measures and systems that will enable data subjects to exercise their rights under the PDPA, including without limitation the rights access, rectification, modification, blocking, and to object to the processing of data;

9.3.3. It shall implement reasonable and appropriate organizational, physical and technical measures intended for the protection of personal information against any accidental or unlawful destruction, alteration and disclosure, as well as against any other unlawful processing;

9.3.4. It shall ensure that its employees, agents, and representatives who are involved in the processing of personal information operate and hold personal information under strict confidentiality. This obligation shall continue even after their transfer to another position or upon termination of their employment or contractual relations;

9.3.5. It shall promptly notify when a personal data breach requiring notification to the National Privacy Commission has occurred, within such reasonable period as would allow to comply with its notification obligations under the PDPA.

9.4.Data Controller refers to a natural or juridical person, or any other body who controls the processing of personal data, or instructs another to process personal data on its behalf

9.5.Data Processor refers to any natural or juridical person or any other body to whom a personal information controller may outsource or instruct the processing of personal data pertaining to a data subject.

9.6.In this Agreement, both parties may perform the functions of a Data Controller and/or Data Processor of each other and above provisions shall take place as applicable.