Privacy Notice

Effective Date: 1 September 2025

Last Updated: 1 September 2025

Data Controller: Pronto Financial Technology Corporation (“Pronto” or “ProntoPay”)

Registered Address: Unit 1502A, The Meridian, Golam Drive, Kasambagan, Cebu City, Philippines 6000

Contact (Privacy): dataprivacy@prontopaytech.com

1) Scope & Who We Are

This Privacy Notice explains how Pronto collects, uses, shares, and safeguards personal data when you use prontopaytech.com and our mobile/web applications (the “Services”).

2) Definitions

• Personal Data: any information that identifies or can reasonably identify an individual.
• Processing: any operation on Personal Data (collection, use, storage, disclosure).
• Controller / Processor: entity deciding purposes/means (Controller) vs. processing on behalf (Processor).
• Cookies: small files/pixels used for functionality, security, and measurement.

3) What Data We Collect

• Account & Contact Data: Full name, Birthdate, Gender, Mobile number, Nationality, Email address, Place of birth, Current address, Permanent address.
• KYC / Compliance Data: ID photos, selfies, income details, addresses, PEP/sanctions screening results.
• Transaction & Payment Data: Amounts, timestamps, counterparty info, notes/memos.
• Device & Usage Data: Device info, IP, app version, logs/diagnostics.
• Support & Communications Data: Emails, chats, screenshots.
• Cookies & Similar Technologies: As explained in Section 7.

4) How & Why We Use Your Data

We use personal data to:

• Perform our contract with you (account creation, core features).
• Comply with law (KYC/AML/CFT, reporting to regulators).
• Our legitimate interests (security, improving services, fraud detection).
• Service communications and support (admin messages, inquiries).
• Marketing (market research, personalization, where consented).

5) Sharing & Disclosures

We disclose personal data only as needed to operate Services and comply with law, including:

• Service providers under confidentiality obligations.
• Other parties to transactions (banks, billers).
• Regulatory, governmental, tax, law-enforcement or judicial authorities.
• Corporate transactions with your consent.

6) International Data Transfers

If data is transferred internationally, we implement safeguards compliant with EU SCCs and UK Addendum/IDTA.

7) Cookies & Tracking Technologies

We use cookies and similar technologies to operate the site/app and understand usage.

8) Data Security

Technical, organizational, and physical measures protect personal data from unauthorized access or misuse.

9) Data Retention

We retain data only as long as necessary for business purposes, service provision, and legal compliance, max 5 years after account termination.

10) Your Rights & Choices

Philippines (Data Privacy Act) rights: information, access, object, erasure/blocking, damages, complaints, rectify, portability.

EEA/UK residents may complain to their local supervisory authority.

11) Children’s Privacy

We do not knowingly collect data from children under 18.

12) Changes to This Notice

We may update this notice; check frequently to stay informed about how your data is protected.