We, Universal Storefront Services Corporation (USSC) and its subsidiary, USSC Money Services Inc. (UMSI), are committed to protect and respect your personal data privacy. We are at the forefront of not only implementing but also complying with the Republic Act 10173, otherwise known as the Data Privacy Act (DPA) of 2012. In all instances, we assure our customers and employees (aspirants, current, and former) that processing their personal data will strictly follow the provisions of the DPA, especially the general data privacy principles of transparency, legitimate purpose, and proportionality.
Customers include those who visit our stores, offices, website, social media page, customer service contact number and chat, mobile app, and otherwise interact with us.
USSC and UMSI are registered Money Service Business (MSB) with the Bangko Sentral ng Pilipinas offering financial services through our company-owned branches, partners, agents, and mobile app. Our services include money transfer, cards, e-wallet, budget insurance, bills payment, cellphone loading, international payments, ticketing, money changing, and cash withdrawal.
We collect the following personal data based on the products and services you avail:
Identification Information (Know-Your-Customer)
This includes your full name, sex/gender, civil status, date and place of birth, citizenship/nationality, present and permanent address, contact information (landline, mobile number, and/or email address), source of fund, occupation, employment position, nature of business/employer, business/employer address, Philippine national ID number, ID type and number, ID date of issuance and/or expiration, image of the ID, your photo, specimen signature, fingerprint, expected monthly transaction, main purpose of opening an account, and politically exposed person (PEP) status (name of and your relationship to the PEP).
Financial Information
This includes your financial transaction history using your account with us, the purpose of such transaction, your relationship to the receiver/beneficiary, and biller account number and name.
Third Party Information
This includes identification information from third-party sources and when you engage with us through social media platforms, we may also access limited data associated with your social media account.
Device Information
This includes your mobile device information such as device ID, IP address, operating system version, hardware version, and current location coordinates.
Communication Information
This includes voice and/or chat conversations between you and our customer service representative/s.
Image Information
This includes your images and videos recorded through our installed webcam and CCTV.
Employee Identification Information (Applicant, Currently Hired, Dismissed)
This includes applicant's full name, name and relationship to the company employee the applicant is affiliated to, present address, provincial address, personal contact details, emergency contact details, citizenship, religion, gender, civil status, date and place of birth, name of spouse, job and company name of the spouse, work experience, educational background, affiliations, family background, and character reference. Once hired, additional information will be collected that includes SSS number, TIN, Philhealth number, Pag-IBIG number, account name and number (bank / e-wallet), copy of recent pay slip from previous job, medical examination result and receipt, insurance beneficiary, and background investigation result.
Employee Performance and Health Information (Applicant, Currently Hired, Dismissed)
This includes employee's promotions, performance evaluation, training and seminar records, medical records, and fit to work result of annual physical examination.
We collect your personal data through and during:
- Through Face-to-Face Interaction. We collect personal data when you visit our head office and regional offices, company-owned branches, interact with our team, or avail our products and services. Your personal data may be collected through filling out a physical form, digital form, interview, and CCTV.
- Through our Mobile App. We collect personal data when you download, install, and create an account through our U Mobile App. Additionally, personal data is collected when you process transactions within the app.
- Through our Official Website and Social Media Accounts. We collect personal data when you visit our website and submit online forms. Additionally, we gather personal data through your interactions with our team via social media channels, including calls, chats, private messages, comments, and reactions.
- Through our Customer Service Hotline, Chat or Email. We collect personal data through various customer support channels, including hotline calls, online chat, email correspondence, and direct interactions with our customer service team.
- Through our Partners and Agents. We may collect or receive personal data when you engage with our products and services through accredited partners and agents. This personal data may be shared with us during the transaction process or upon our request, in accordance with the terms of our contractual arrangements with these parties.
- Through our Government Institution Partners. We collect or receive your personal data through formal data sharing agreements with government institutions, enabling us to support the delivery of public services and benefits to citizens. Additionally, we may access personal information when verifying your identity using the government-issued identification documents you provide.
- Through a Third-Party Background Check Providers. We collect or receive your personal data when we perform a background check through hiring a third-party provider.
We collect your information for the following purposes:
- Confirmation of Identity. We use your information to confirm your identity and conduct customer due diligence prior to and after processing any requested products or services that are regulated by the Bangko Sentral ng Pilipinas (BSP) and the Anti-Money Laundering Council (AMLC), in accordance with applicable laws.
- Transaction Processing. We use your information to facilitate and verify transactions. For instance, your full name may be required at the payout location to confirm the legitimacy of the transaction with the recipient.
- Transaction Monitoring. We use your information to monitor and report, covered transactions and suspicious activities to the Anti-Money Laundering Council (AMLC), as mandated by law. This information also allows us to provide your transaction history upon request.
- Safety and Security. We use your information to detect and prevent fraudulent transactions, as well as to identify, investigate, and manage potential criminal activity. Your data also supports our efforts to ensure the safety and security of our services, facilities, and customers.
- Relevant Product and Services Communication. With your consent, we may use your information to share relevant offers and updates from us and our trusted business partners.
- Customer Service Function. We use your information to better understand and respond to your concerns. This insight also supports the ongoing training and development of our customer service team, enabling us to enhance the quality of service and deliver exceptional customer experience.
- Manage Our Business. We use your information to enhance our products and services, conduct customer insights and research, and continuously improve our delivery of service. This includes assessing the performance of our front-line ambassadors to ensure consistent, high-quality support.
- Recruitment and Employment Records. We use applicant information for recruitment and hiring purposes. Once employed, the employee information is utilized to monitor and evaluate employee performance, administer salaries and benefits, and ensure compliance with government requirements. This includes the submission of necessary forms and reports to the Department of Labor and Employment (DOLE), Social Security System (SSS), Philippine Health Insurance Corporation (PHIC), Home Development Mutual Fund (HDMF or Pag-IBIG), Bureau of Internal Revenue (BIR), and other relevant agencies. We collect medical records as reasons for leaves applied due to health conditions, and to understand if employees are still fit to work.
We store your information based on the following:
- Physical records containing your personal data are securely stored at our head office, regional offices, company-owned branches, and authorized third-party storage facilities. These locations follow strict physical security protocols to safeguard your information against unauthorized access, loss, or damage.
- Digital records containing your personal data are securely stored on our computers, servers, CCTV recorders, and cloud-based data storage systems. These systems employ industry-standard encryption, access controls, and regular security audits to protect your data from unauthorized access, loss, or breach.
We retain your personal data for five (5) years from the date of your last transaction, account closure, or dismissal (in the case of employees), except for the CCTV recording which is retained only for a maximum of one (1) month. If the data is required for an ongoing investigation, legal proceedings, or legal requirement, we may retain it beyond this period in accordance with applicable laws and regulations.
We dispose your personal data as follows:
- Physical records containing personal data are disposed of using secure destruction methods, including shredding, pulping, dry maceration, or incineration (through authorized third-party providers). These methods are chosen to ensure complete and irreversible destruction of documents, in accordance with applicable data privacy regulations.
- Physical media that contain personal data in digital form are securely disposed of through crushing and/or drilling holes to render them unusable. Prior to physical destruction, we ensure that digital records are irrecoverable by performing software wiping or degaussing, in accordance with industry standards for data sanitization.
- Digital records containing personal data are securely disposed of using data deletion tools that overwrite information to prevent recovery. These tools follow industry-standard protocols to ensure that erased data cannot be retrieved or reconstructed, thereby protecting the confidentiality and integrity of personal information.
We share your information with the following:
USSC and UMSI Affiliates
We may share your personal data with our subsidiaries and affiliates to provide you with the products and services you have requested. This includes:
- Confabia, Inc. – for addressing and resolving your customer service concerns, conducting relevant survey to improve our service delivery, and offering to you our products and services.
- Clear Minds Algorithmics Inc. (CMAI) – for developing and maintaining software solutions we use for our day-to-day operations and generating big data analytics and insights to help us design new offerings and enhance existing products and services.
- USSC Finance Corporation (UFC) – for processing and evaluating your cash advance or personal loan application.
Partners and Agents
We may share your personal data with our accredited partners and agents to facilitate the products and services you avail through our locations and platform. This includes remittance partners (Western Union, MoneyGram, etc.), ticketing partners (Philippine Airlines, Cebu Pacific, etc.), payment partners, and their authorized agents.
Financial Institutions
We may share your personal data with financial institutions that are members of InstaPay and PESONet to facilitate your fund transfer transactions. This includes handling transaction disputes, conducting fraud investigations, and ensuring the secure and accurate processing of your financial activities.
Vendors
We may share your personal data with our trusted service providers who assist us in delivering secure and efficient products and services. This includes support for background verification prior to employment and compliance with regulatory standards.
Public Authorities
We may share your personal data with law enforcement agencies, regulatory bodies, judicial courts, and other relevant local authorities when required by law or regulation. This includes Anti-Money Laundering Council (AMLC), Bangko Sentral ng Pilipinas (BSP), and others.
Government Institutions
We may share your personal data with relevant government institutions to comply with applicable tax laws and mandatory employee benefit contributions. This includes the Bureau of Internal Revenue (BIR), Social Security System (SSS), Home Development Mutual Fund (HDMF or Pag-IBIG), Philippine Health Insurance Corporation (PHIC), and other agencies as required by law.
We deeply value the trust you place in us. To honor that trust, we take comprehensive measures to safeguard your personal data against unauthorized access, disclosure, alteration, and loss. Our approach includes a robust framework of organizational, physical, and technical controls:
Organizational Controls
- We enforce company-wide policies and procedures aligned with data protection standards.
- Regular compliance monitoring ensures adherence to these protocols.
- Personnel are trained in safeguarding personal data, supported by policies such as Information Security Policy, Data Breach Management, and Business Continuity Management.
Physical Controls
- Access to sensitive areas is restricted to authorized personnel only.
- Surveillance systems (e.g., CCTV) are deployed for monitoring and incident detection.
- Additional physical safeguards are in place to prevent unauthorized entry and tampering.
Technical Controls
- Advanced cybersecurity tools such as firewalls and intrusion detection/prevention systems are utilized.
- Data is protected through encryption and secure transmission protocols.
- Multi-factor authentication (MFA) adds an extra layer of security to user access.
We strongly encourage you to remain vigilant in safeguarding your personal login information, including your username, password, MPIN, and One-Time Password (OTP). These credentials are key to securing your account and personal data. Your security is our priority—and it starts with you.
Your right to data privacy empowers you to have reasonable control over the flow of your personal data. Under Data Privacy Act of 2012, individuals whose personal information is collected, stored, and processed are referred to as data subjects. It is the responsibility of the Personal Information Controllers (PIC) and Personal Information Processors (PIP) that handle your personal details, whereabouts, and preferences to uphold and respect your data privacy rights.
- Right to be Informed. As a data subject, you have the right to be informed whether your personal data shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
- Right to Object. As a data subject, you shall have the right to object to the processing of your personal data where such processing is based on consent or legitimate interest.
- Right to Access. As a data subject, you have the right to obtain confirmation on whether or not data relating to you are being processed.
- Right to Rectify. As a data subject, you have the right to dispute the inaccuracy or error in your personal data and have the PIC correct the same within a reasonable period of time.
- Right to Erasure or Blocking. As the data subject, you have the right to request the suspension, withdrawal, blocking, removal, or destruction of your personal data from the PIC's filing system, in both live and backup systems.
- Right to Damages. As data subject, you have the right to be indemnified for any damages sustained due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of your personal data, taking into account any violation of your right and freedoms as data subject.
- Right to File a Complaint. If you feel that your personal information has been misused, maliciously disclosed, or improperly disposed, or that any of your data privacy rights have been violated, you have a right to file a complaint with the NPC.
- Right to Data Portability. As a data subject, you have the right to obtain from the PIC a copy of your personal data and/or have the same transmitted from one PIC to another, in an electronic or structured format that is commonly used.
For your inquiries and complaints, you may visit any of our branches or get in touch with us through our Customer Service Hotline and/or Email.
For data privacy requests and concerns, you may send us a letter/email or contact us through our DPO Contact Number.
UNIVERSAL STOREFRONT SERVICES CORPORATION (USSC) / USSC MONEY SERVICES INC. (UMSI)
USSC Building, No. 711 EDSA corner New York Street,
Brgy. Pinagkaisahan, Cubao, Quezon City, 1111
DPO Contact Number: (63) 2 8249-5220
USSC DPO Email: [email protected]
UMSI DPO Email: [email protected]
USSC and UMSI reserves the right to update or revise this privacy notice at any time and will provide a new privacy notice whenever there are substantial changes. Prior versions shall be retained and may be provided to the data subjects upon request.
Date Last Updated: September 25, 2025
