• USSC Bldg. 711 EDSA cor New York St. Pinagkaisahan, Quezon City
  • Call 8928-8772

GENERAL PRIVACY NOTICE

 

PRIVACY STATEMENT

We, Universal Storefront Services Corporation (USSC) and its subsidiary, USSC Money Services Inc. (UMSI), are committed to protect and respect your personal data privacy. We are at the forefront of not only implementing but also complying with the Republic Act 10173, otherwise known as the Data Privacy Act (DPA) of 2012. In all instances, we assure our customers and employees (aspirants, current, and former) that processing their personal data will strictly follow the provisions of the DPA, especially the general data
privacy principles of transparency, legitimate purpose, and proportionality. Customers include those who visit our stores, offices, website, social media page, customer service contact number and chat, mobile app, and otherwise interact with us.

 

OUR PRODUCTS AND SERVICES
USSC and UMSI are registered Money Service Business (MSB) with the Bangko Sentral ng Pilipinas offering financial services through our company-owned branches, partners, agents, and mobile app. Our services include money transfer, cards, e-wallet, budget insurance, bills payment, cellphone loading, international payments, ticketing, money changing, and cash withdrawal.

 

WHAT WE COLLECT
We collect the following personal data based on the products and services you avail:

  • Identification Information (Know-Your-Customer). This includes your full name, sex/gender, civil status, date and place of birth, citizenship/nationality, present and permanent address, contact information (landline, mobile number, and/or email address), source of fund, occupation, employment position, nature of business/employer, business/employer address, Philippine national ID number, ID type and number, ID date of issuance and/or expiration, image of the ID, your photo, specimen signature, fingerprint, expected monthly transaction, main purpose of opening an account, and politically exposed person (PEP) status (name of and your relationship to the PEP).
  • Financial Information. This includes your financial transaction history using your account with us, the purpose of such transaction, your relationship to the receiver/beneficiary, and biller account number and name.
  • Third Party Information. This includes identification information from third-party sources and when you engage with us through social media platforms, we may also access limited data associated with your social media account.
  • Device Information. This includes your mobile device information such as device ID, IP address, operating system version, hardware version, and current location coordinates.
  • Communication Information. This includes voice and/or chat conversations between you and our customer service representative/s.
  • Image Information. This includes your images and videos recorded through our installed webcam and CCTV.
  • Employee Identification Information (Applicant, Currently Hired, Dismissed). This includes applicant’s full name, name and relationship to the company employee the applicant is affiliated to, present address, provincial address, personal contact details, emergency contact details, citizenship, religion, gender, civil status, date and place of birth, name of spouse, job and company name of the spouse, work experience, educational background, affiliations, family background, and character reference. Once hired, additional information will be collected that includes SSS number, TIN, Philhealth number, Pag-IBIG number, account name and number (bank / e-wallet), copy of recent pay slip from previous job, medical examination result and receipt, insurance beneficiary, and background investigation result.
  • Employee Performance and Health Information (Applicant, Currently Hired, Dismissed). This includes employee’s promotions, performance evaluation, training and seminar records, medical records, and fit to work result of annual physical examination.

 

HOW AND WHEN WE COLLECT
We collect your personal data through and during:

  • Through Face-to-Face Interaction. We collect personal data when you visit our head office and regional offices, company-owned branches, interact with our team, or avail our products and services. Your personal data may be collected through filling out a physical form, digital form, interview, and CCTV.
  • Through our Mobile App. We collect personal data when you download, install, and create an account through our U Mobile App. Additionally, personal data is collected when you process transactions within the app.
  • Through our Official Website and Social Media Accounts. We collect personal data when you visit our website and submit online forms. Additionally, we gather personal data through your interactions with our team via social media channels, including calls, chats, private messages, comments, and reactions.
  • Through our Customer Service Hotline, Chat or Email. We collect personal data through various customer support channels, including hotline calls, online chat, email correspondence, and direct interactions with our customer service team.
  • Through our Partners and Agents. We may collect or receive personal data when you engage with our products and services through accredited partners and agents. This personal data may be shared with us during the transaction process or upon our request, in accordance with the terms of our contractual arrangements with these parties.
  • Through our Government Institution Partners. We collect or receive your personal data through formal data sharing agreements with government institutions, enabling us to support the delivery of public services and benefits to citizens. Additionally, we may access personal information when verifying your identity using the government-issued identification documents you provide.
  • Through a Third-Party Background Check Providers. We collect or receive your personal data when we perform a background check through hiring a third-party provider.

 

WHY WE COLLECT
We collect your information for the following purposes:

  • Confirmation of Identity. We use your information to confirm your identity and conduct customer due diligence prior to and after processing any requested products or services that are regulated by the Bangko Sentral ng Pilipinas (BSP) and the Anti-Money Laundering Council (AMLC), in accordance with applicable laws.
  • Transaction Processing. We use your information to facilitate and verify transactions. For instance, your full name may be required at the payout location to confirm the legitimacy of the transaction with the recipient.
  • Transaction Monitoring. We use your information to monitor and report, covered transactions and suspicious activities to the Anti-Money Laundering Council (AMLC), as mandated by law. This information also allows us to provide your transaction history upon request.
  • Safety and Security. We use your information to detect and prevent fraudulent transactions, as well as to identify, investigate, and manage potential criminal activity. Your data also supports our efforts to ensure the safety and security of our services, facilities, and customers.
  • Relevant Product and Services Communication. With your consent, we may use your information to share relevant offers and updates from us and our trusted business partners.
  • Customer Service Function. We use your information to better understand and respond to your concerns. This insight also supports the ongoing training and development of our customer service team, enabling us to enhance the quality of service and deliver exceptional customer experience.
  • Manage Our Business. We use your information to enhance our products and services, conduct customer insights and research, and continuously improve our delivery of service. This includes assessing the performance of our front-line ambassadors to ensure consistent, high-quality support.
  • Recruitment and Employment Records. We use applicant information for recruitment and hiring purposes. Once employed, the employee information is utilized to monitor and evaluate employee performance, administer salaries and benefits, and ensure compliance with government requirements. This includes the submission of necessary forms and reports to the Department of Labor and Employment (DOLE), Social Security System (SSS), Philippine Health Insurance Corporation (PHIC), Home Development Mutual Fund (HDMF or Pag-IBIG), Bureau of Internal Revenue (BIR), and other relevant agencies. We collect medical records as reasons for leaves applied due to health conditions, and to understand if employees are still fit to work.


HOW WE STORE, RETAIN AND DISPOSE
We store your information based on the following:

  • Physical records containing your personal data are securely stored at our head office, regional offices, company-owned branches, and authorized third-party storage facilities. These locations follow strict physical security protocols to safeguard your information against unauthorized access, loss, or damage.
  • Digital records containing your personal data are securely stored on our computers, servers, CCTV recorders, and cloud-based data storage systems. These systems employ industry-standard encryption, access controls, and regular security audits to protect your data from unauthorized access, loss, or breach.

 

We retain your personal data for five (5) years from the date of your last transaction, account closure, or dismissal (in the case of employees), except for the CCTV recording which is retained only for a maximum of one (1) month. If the data is required for an ongoing investigation, legal proceedings, or legal requirement, we may retain it beyond this period in accordance with applicable laws and regulations.

 

We dispose your personal data as follows:

  • Physical records containing personal data are disposed of using secure destruction methods, including shredding, pulping, dry maceration, or incineration (through authorized third-party providers). These methods are chosen to ensure complete and irreversible destruction of documents, in accordance with applicable data privacy regulations.
  • Physical media that contain personal data in digital form are securely disposed of through crushing and/or drilling holes to render them unusable. Prior to physical destruction, we ensure that digital records are irrecoverable by performing software wiping or degaussing, in accordance with industry standards for data sanitization.
  • Digital records containing personal data are securely disposed of using data deletion tools that overwrite information to prevent recovery. These tools follow industry-standard protocols to ensure that erased data cannot be retrieved or reconstructed, thereby protecting the confidentiality and integrity of personal information.

 

WHO DO WE SHARE
We share your information with the following:

  • USSC and UMSI Affiliates. We may share your personal data with our subsidiaries and affiliates to provide you with the products and services you have requested. This includes:
    • Confabia, Inc. – for addressing and resolving your customer service concerns, conducting relevant survey to improve our service delivery, and offering to you our products and services.
    • Clear Minds Algorithmics Inc. (CMAI) – for developing and maintaining software solutions we use for our day-to-day operations and generating big data analytics and insights to help us design new offerings and enhance existing products and services.
    • USSC Finance Corporation (UFC) – for processing and evaluating your cash advance or personal loan application.
  • Partners and Agents. We may share your personal data with our accredited partners and agents to facilitate the products and services you avail through our locations and platform. This includes:
    • Remittance Partners – Entities we collaborate with to offer their remittance services, such as Western Union, MoneyGram, Remitly, Ria, and others.
    • Remittance Agents – Entities authorized to offer our remittance services and those of our partners, including Cebuana Lhuillier, Palawan Pawnshop, and others.
    • Ticketing Partners – Entities we work with to provide ticketing services, such as Philippine Airlines, Cebu Pacific, AirAsia, and others.
    • Ticketing Agents – Entities authorized to offer ticketing services from our partners, including Anisah Ticketing Outlet, Hotel Angelo, Zenith Swift Remittance Service Inc., and others.
    • Payment Partners – Entities we partner with to deliver payment services, such as Bayad Center, EC Pay, and others.
    • Payment Agents – Entities authorized to offer our payment services, such as Xpresspay, and others.
    • Merchants – This includes entities we partner with for them to accept electronic payments for their products and services, such as Go Salad, Star Plaza Hotel, Inc., Anytime Coffee Inc., etc.
    • Cards – This includes entities we partner with, such as Visa, for us to provide you with a prepaid card that you can use to withdraw cash, purchase online, and pay for your instore purchases.
    • Cash In and Cash Out (CICO) – This includes entities we partner with to accept cash-in and cash out transactions for your e-wallet with us, such as Xpresspay, and others.
  • Financial Institutions. We may share your personal data with financial institutions that are members of InstaPay and PESONet to facilitate your fund transfer transactions. This includes handling transaction disputes, conducting fraud investigations, and ensuring the secure and accurate processing of your financial activities.
  • Vendors. We may share your personal data with our trusted service providers who assist us in delivering secure and efficient products and services. This includes support for background verification prior to employment and compliance with regulatory standards. Examples of these providers include Ubivelox Philippines, Inc., CIBI Information Inc., and other authorized entities.
  • Public Authorities. We may share your personal data with law enforcement agencies, regulatory bodies, judicial courts, and other relevant local authorities when required by law or regulation. Such disclosures are made to comply with legal obligations and to support matters of public interest, including investigations, enforcement actions, and judicial proceedings. This includes Anti-Money Laundering Council (AMLC), Bangko Sentral ng Pilipinas (BSP), and others.
  • Government Institutions. We may share your personal data with relevant government institutions to comply with applicable tax laws and mandatory employee benefit contributions. This includes, but is not limited to, the Bureau of Internal Revenue (BIR), Social Security System (SSS), Home Development Mutual Fund (HDMF or Pag-IBIG), Philippine Health Insurance Corporation (PHIC), and other agencies as required by law.

 

HOW WE PROTECT
We deeply value the trust you place in us. To honor that trust, we take comprehensive measures to safeguard your personal data against unauthorized access, disclosure, alteration, and loss. Our approach includes a robust framework of organizational, physical, and technical controls:

  • Organizational Controls
    • We enforce company-wide policies and procedures aligned with data protection standards.
    • Regular compliance monitoring ensures adherence to these protocols.
    • Personnel are trained in safeguarding personal data, supported by policies such as:
      • Information Security Policy
      • Data Breach Management
      • Business Continuity Management
  • Physical Controls
    • Access to sensitive areas is restricted to authorized personnel only.
    • Surveillance systems (e.g., CCTV) are deployed for monitoring and incident detection.
    • Additional physical safeguards are in place to prevent unauthorized entry and tampering.
  • Technical Controls
    • Advanced cybersecurity tools such as firewalls and intrusion detection/prevention systems are utilized.
    • Data is protected through encryption and secure transmission protocols.
    • Multi-factor authentication (MFA) adds an extra layer of security to user access.

 

We strongly encourage you to remain vigilant in safeguarding your personal login information, including your username, password, MPIN, and One-Time Password (OTP). These credentials are key to securing your account and personal data.

  • Do not share your login details with anyone.
  • Be cautious of phishing attempts or suspicious messages requesting your credentials.
  • If you suspect that your account has been compromised or accessed without authorization, notify us immediately so we can take prompt action to protect your information.

 

Your security is our priority—and it starts with you.

 

WHAT ARE YOUR RIGHTS

Your right to data privacy empowers you to have reasonable control over the flow of your personal data. Under Data Privacy Act of 2012, individuals whose personal information is collected, stored, and processed are referred to as data subjects. It is the responsibility of the Personal Information Controllers (PIC) and Personal Information Processors (PIP) that handle your personal details, whereabouts, and preferences to uphold and respect your data privacy rights.

  • Right to be Informed. As a data subject, you have the right to be informed whether your personal data shall be, are being, or have been processed, including the existence of automated decisionmaking and profiling.
    • You shall be notified and furnished with the information indicated below before your personal data is processed, or at the next practical opportunity:
    • Description of the personal data to be entered into the system. o Purposes for which they are being or will be processed, including processing for direct marketing, profiling, or historical, statistical, or scientific purposes.
    • Basis of processing, when processing is not based on the consent of the data subject.
    • Scope and method of personal data processing. The recipients or classes of recipients to whom the personal data are or may be disclosed.
    • Methods utilized for automated access, if the same is allowed by the data subject, and the extent to which such access is authorized, including meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
    • The identity and contact details of the personal information controller and its representative.
    • The period for which the information will be stored or retained.
    • The existence of their rights as data subjects.
  • Right to Object. As a data subject, you shall have the right to object to the processing of your personal data where such processing is based on consent or legitimate interest.

 

If there is any significant change or amendment to the information provided to you in a consent form, privacy notice, or similar communication, you should be notified and given an opportunity to object and/or withdraw consent, if consent was previously given for such personal data processing.

 

You can also object to the processing of your personal data for:

  • direct marketing.
  • profiling
  • in cases of automated processing where your personal data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect you.

 

If you object to the processing of your personal data, the PIC shall cease the processing of personal data and comply with the objection, unless the processing falls under any other allowable instances pursuant to in Sections 12 or 13, other than consent and legitimate interest. The PIC shall communicate and inform you of said lawful basis or compelling reason to continue processing.

  • Right to Access. As a data subject, you have the right to obtain confirmation on whether or not data relating to you are being processed, as well as information about any of the following:
    • Contents of personal information and categories of data that were processed.
    • Sources from which personal data were obtained, if the data was not collected from the data subject.
    • Purposes of processing.
    • Manner by which such data were processed. o Information on automated processes where the processed data will or is likely to be made as the sole basis for any decision that significantly affects or will affect the data subject.
    • Names and addresses of recipients of the personal information.
    • Reasons for the disclosure of personal information to recipients.
    • Date when his or her personal data were last accessed and modified.
    • Period for which particular categories of information will be stored.
    • The designation, name or identity, and address of the PIC’s data protection officer.

 

You may request access to your own personal data, but not to the information relating to any other individual. This would likewise exclude any analysis made by the PIC with respect to your personal data, i.e., inferred, derived, modeled, or business-generated data.

 

Your right to access your personal data may be limited in the following instances:

  • If the information is publicly available.
  • Repeated, identical, or similar requests if such request for access has been previously granted unless a reasonable interval of time from the previous request has elapsed.
  • If the request for access will entail a disproportionate amount of effort or resources.
  • If providing access to the information may cause serious harm to your physical, mental, or emotional health.
  • Right to Rectify. As a data subject, you have the right to dispute the inaccuracy or error in your personal data and have the PIC correct the same within a reasonable period of time.

 

The right to rectification excludes instances where rectification or correction requires an order from a competent court, other pertinent government agencies, or otherwise covered by an official process under other applicable laws and regulations.

 

The request for rectification may be denied if the same is manifestly unfounded, vexatious, or otherwise unreasonable. A request may be considered as such when it is made with no real purpose other than to harass, cause annoyance, or hamper the delivery and performance of service.

  • Right to Erasure or Blocking. As the data subject, you have the right to request the suspension, withdrawal, blocking, removal, or destruction of your personal data from the PIC’s filing system, in both live and backup systems.

 

You may exercise your right to erasure or block upon discovery and substantial proof of any of the following:

  • The personal data is:
    • incomplete, outdated, false, or unlawfully obtained.
    • used for an unauthorized purpose.
    • no longer necessary for the purpose/s for which they were collected.
    • concerns private information that is prejudicial to the data subject, unless justified by freedom of speech, of expression, or of the press, or otherwise authorized.
  • The data subject objects to the processing, and there are no other applicable lawful criteria for processing.
  • The processing is unlawful.
  • The PIC or PIP violated the rights of the data subject.

 

A PIC may deny your request for erasure or blocking, wholly or partly, when personal data is still necessary in any of the following instances:

  • Fulfillment of the purpose/s for which the data was obtained.
  • Compliance with a legal obligation which requires personal data processing.
  • Establishment, exercise, or defense of any legal claim.
  • Legitimate business purposes of the PIC, consistent with the applicable industry standard for personal data retention.
  • To apprise the public on matters that have an overriding public interest or concern, taking into consideration the following factors:
    • constitutionally guaranteed rights and freedoms of speech, of expression, or of the press.
    • whether or not the personal data pertains to a data subject who is a public figure.
    • other analogous considerations where personal data are processed in circumstances where data subjects can reasonably expect further processing.
  • As may be provided by any existing law, rules, and regulations.

 

Personal data that is publicly available, i.e. online, may be subject of request for erasure. The PIC shall communicate with other PICs, including third party indexes, and request them to erase copies or remove or delist search results or links to your pertinent personal data.

  • Right to Damages. As data subject, you have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your right and freedoms as data subject.

 

When there is a perceived violation of your rights, you may file a complaint with the NPC, in accordance with its Rules of Procedure governing all complaints filed before the Commission.

  • Right to File a Complaint. If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint with the NPC.
  • Right to Data Portability. As a data subject, you have the right to obtain from the PIC a copy of your personal data and/or have the same transmitted from one PIC to another, in an electronic or structured format that is commonly used.

 

You may be able to exercise this right when these two conditions concur. First, when the processing is based on consent or contract. Second, the personal data is processed by electronic means and in a structured and commonly used format.

 

Your right to data portability is limited to the personal data that you have actively and knowingly provided such as your name, address, age, username, etc., and observed data that you have provided by virtue of the use of service or the device, i.e. access logs, transaction history, location data, etc.

 

You may request for any format provided that it is commonly used, machine-readable, interoperable, open formats, i.e. XML, JSON, CSV, etc.

 

HOW YOU CAN EXERCISE YOUR RIGHTS

For your inquiries and complaints, you may visit any of our branches or get in touch with us through our Customer Service Hotline and/or Email.

 

USSC/UMSI Customer Service Hotline: (63) 2 8928-USSC (8772)
USSC Customer Service Email: customer_service@ussc.com.ph
UMSI Customer Service Email: customer_service@umsi.com.ph

 

For data privacy requests and concerns, you may send us a letter/email or contact us through our DPO Contact Number.

 

DATA PROTECTION OFFICER
UNIVERSAL STOREFRONT SERVICES CORPORATION (USSC) / USSC MONEY SERVICES INC. (UMSI)
USSC Building, No. 711 EDSA corner New York Street,
Brgy. Pinagkaisahan, Cubao, Quezon City, 1111
DPO Contact Number: (63) 2 8249-5220
USSC DPO Email: dpo@ussc.com.ph
UMSI DPO Email: dpo@umsi.com.ph

 

HOW WE UPDATE

USSC and UMSI reserves the right to update or revise this privacy notice at any time and will provide a
new privacy notice whenever there are substantial changes. Prior versions shall be retained and may be
provided to the data subjects upon request.

 

Date Last Updated: September 25, 2025

 

We Use Cookies

Cookies are small text files that a website stores on your computer or mobile device to remember information about your visit. We use cookies and similar technologies on our website to improve, measure performance, understand our audience, and enhance user experience. We retain cookies for a maximum period of 5 years depending on their purpose. For more information, please read our Cookie Policy and General Privacy Notice.

Cookie Settings

ACCEPT ALL
CUSTOMIZE
ACCEPT SELECTED
REJECT

We Use Cookies

Cookies are small text files that a website stores on your computer or mobile device to remember information about your visit. We use cookies and similar technologies on our website to improve, measure performance, understand our audience, and enhance user experience. We retain cookies for a maximum period of 5 years depending on their purpose. For more information, please read our Cookie Policy and Privacy Notice.

Cookie Settings

ACCEPT ALL
CUSTOMIZE
ACCEPT SELECTED
REJECT