Home

Privacy Policy

Social Ventures Association
(Operating as "Microlender.PH")

Last updated: March 25, 2026

1. Introduction & Identity of Data Controller

Social Ventures Association ("we," "us," or "our"), a nonprofit organization registered with the Securities and Exchange Commission (SEC) of the Philippines under Registration No. [To be provided], operates the website and platform known as Microlender.PH.

Microlender.PH is a social enterprise that provides microlending services to underserved Filipino communities. We are committed to protecting the privacy and personal data of our borrowers, applicants, and website visitors in full compliance with Republic Act No. 10173 (the Data Privacy Act of 2012), its Implementing Rules and Regulations, NPC Circular 20-01, and NPC Circular 2022-02.

This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our website, apply for a loan, or otherwise interact with our services.

2. Information We Collect

We collect only the personal information that is necessary to evaluate your loan application, process disbursements, and service your account. This includes:

  • Full name
  • Email address
  • Phone number
  • City or municipality
  • Business type
  • Business duration
  • Monthly income
  • Desired loan amount
  • Loan purpose
  • Preferred repayment method
  • Government-issued ID type (for identity verification)

In compliance with NPC Circular 20-01 and NPC Circular 2022-02, we explicitly state that Microlender.PH does not access, collect, or store:

  • Your phone contacts or address book
  • Your photo gallery or camera roll
  • Your call logs
  • Your SMS or text messages
  • Your social media accounts or activity

We do not require access to any of the above as a condition for loan approval or for any other purpose.

3. How We Use Your Information

We process your personal data strictly for the following purposes:

  • Evaluating and processing your loan application
  • Performing Know Your Customer (KYC) identity verification
  • Disbursing approved loan proceeds to your account
  • Servicing your loan, including payment reminders and account updates
  • Complying with legal and regulatory obligations (SEC, BSP, BIR, NPC)
  • Detecting and preventing fraud or unauthorized transactions
  • Improving our services and internal operations

We do not use your personal data for marketing, advertising, cross-selling, or any purpose unrelated to your loan and our legal obligations.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under RA 10173:

  • Consent — You provide your informed consent when you submit your loan application and agree to this Privacy Policy.
  • Contractual Necessity — Processing is necessary to enter into or perform a loan agreement with you.
  • Legal Obligation — We are required by law to collect and retain certain information for regulatory compliance (e.g., SEC, BIR, Anti-Money Laundering Act).
  • Legitimate Interest — Processing is necessary for fraud prevention, platform security, and improving our services, provided that such interests do not override your fundamental rights and freedoms.

5. Data Sharing

We may share your personal information with the following categories of recipients, solely for the purposes described in this Policy:

  • Payment Processors — Third-party payment service providers such as GCash, Maya, and partner banks, for the purpose of loan disbursement and repayment collection.
  • Government Agencies — The Securities and Exchange Commission (SEC), Bureau of Internal Revenue (BIR), National Privacy Commission (NPC), and other regulatory bodies, as required by Philippine law.

We do not sell, rent, trade, or otherwise commercially share your personal data with any third party.

We do not engage in debt shaming, public humiliation, or any form of harassment in connection with loan collection. Sharing borrower information with unauthorized persons for the purpose of shaming or coercion is strictly prohibited under our policies and Philippine law.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Denied Applications — Personal data of applicants whose loans are denied will be deleted after a reasonable period following the denial, unless retention is required by law.
  • Active Loans — Personal data is retained for the full duration of your loan, plus any additional period required by law or regulation.
  • Settled Loans — After full repayment, your records are retained for five (5) years to comply with SEC and BIR record-keeping requirements. After this period, your data will be securely deleted or anonymized.

7. Your Rights Under RA 10173

As a data subject under the Data Privacy Act of 2012, you have the following rights:

  • Right to Be Informed — You have the right to be informed of how your personal data is being collected, used, and processed.
  • Right to Access — You may request a copy of the personal data we hold about you and information about how it is being processed.
  • Right to Object — You may object to the processing of your personal data, including processing for direct marketing or automated decision-making.
  • Right to Erasure or Blocking — You may request the removal or blocking of your personal data from our systems, subject to legal retention requirements.
  • Right to Rectification — You may request the correction of any inaccurate or incomplete personal data we hold about you.
  • Right to Data Portability — You may request that your personal data be transmitted to another data controller in a structured, commonly used, and machine-readable format.
  • Right to File a Complaint — You have the right to lodge a complaint with the National Privacy Commission if you believe your data privacy rights have been violated.
  • Right to Damages — You are entitled to claim compensation for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data.

To exercise any of these rights, please contact our Data Protection Officer at [email protected].

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of personal data in transit and at rest
  • Strict access controls limiting data access to authorized personnel only
  • Appointment of a Data Protection Officer (DPO) to oversee data privacy compliance
  • Regular security audits and vulnerability assessments
  • Employee training on data privacy and information security best practices

9. Data Breach Notification

In the event of a personal data breach that is likely to affect your rights and freedoms, we will notify the National Privacy Commission (NPC) within seventy-two (72) hours of becoming aware of the breach, in accordance with NPC Circular 16-03.

Affected data subjects will be notified promptly when the breach is likely to result in a serious risk to their rights and freedoms. Notification will include a description of the breach, the data affected, and the measures taken or proposed to address the breach.

10. Cookies

Our website uses cookies to ensure proper functionality and to understand how visitors interact with our platform. We use the following types of cookies:

  • Essential Cookies — Required for the website to function properly, including session management and security features. These cannot be disabled.
  • Analytics Cookies — Used to collect anonymized usage data to help us improve the website experience.

We do not use third-party marketing or advertising cookies. We do not track you across other websites.

11. Children's Data

Microlender.PH is not directed at individuals under the age of eighteen (18). We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a minor, we will take immediate steps to delete such information from our systems.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last updated" date.

We encourage you to review this Privacy Policy periodically. Continued use of our services after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact:

Data Protection Officer

Email: [email protected]

General Inquiries

Email: [email protected]

National Privacy Commission

If you believe your data privacy rights have been violated and wish to file a complaint, you may contact the National Privacy Commission:

Address: 3rd Floor, Core G, GSIS Headquarters, Financial Center, Pasay City, Philippines

Email: [email protected]