Skip to Content

Privacy Policy

Policies Links

Privacy Policy

Terms & Conditions

Security Policy

Shipping Policy

Refund Policy

Cookie Policy

Merchant Policy

Rider Policy



Company: MISMO PH Digital Solutions OPC

Policy Version: 1.0.1

Effective Date: January 2026

Last Updated: January 2026

Governing Law: Republic Act No. 10173 (Data Privacy Act of 2012) and its Implementing Rules and Regulations.

1. INTRODUCTION AND SCOPE

MISMO PH Digital Solutions OPC ("MISMO," "we," "us," or "our") operates a technology-driven platform accessible via mobile application and website (the "Platform") that connects Customers, Merchants, and Independent Service Providers/Riders (collectively, "Users," "you," or "your").

This Comprehensive Privacy Policy ("Policy") describes our strict practices regarding the collection, use, storage, disclosure, and protection of your Personal Data and Sensitive Personal Information (as defined under Philippine law) when you interact with our Platform.

By registering an account, accessing, or using the Platform, you expressly acknowledge that you have read, understood, and consent to all the terms of this Policy. If you do not agree, you must immediately cease using the Platform and services.

2. DEFINITIONS

  • Data Subject – The individual to whom the Personal Data relates (i.e., the User).

  • Personal Data – Any information from which the identity of an individual is apparent or can be reasonably and directly ascertained (e.g., name, address, contact details, location data).

  • Sensitive Personal Information (SPI) – As defined under the DPA, including but not limited to government-issued ID numbers, financial information, and data that might be used for identity fraud.

  • Processing – Any operation performed on Personal Data, including collection, recording, storage, retrieval, use, combination, erasure, or destruction.

  • Consent – Freely given, specific, informed indication of will, signified by a clear affirmative action.

3. DATA WE COLLECT

We collect data through three primary means: Provided, Automated, and From Third Parties.

3.1 Data You Provide Directly

  • Account Registration: Full name, email address, mobile number, permanent and delivery addresses, profile picture, date of birth (for age verification), and a secure hashed password.

  • Verification Data (for Riders & Merchants): Government-issued IDs (Driver's License, Passport, SSS/GSIS ID, PhilSys ID, TIN ID), identification numbers (SSS, TIN, PhilHealth), vehicle documentation (CR, OR, insurance), proof of business (DTI/SEC, Mayor's Permit, BIR Registration), and biometric data ("selfie" photo for real-time identity matching).

  • Transaction & Service Data: Order details (items, quantities, special instructions), delivery addresses (including recipient details), payment instructions, call/message logs within the Platform's chat function, and audio recordings of customer service calls for quality assurance and dispute resolution (with prior notification).

  • Marketing Communication Preferences: Your choices regarding receiving promotional materials.

3.2 Data Collected Automatically

  • Device Information: Hardware model, operating system and version, unique device identifiers (IMEI, MAC address), IP address, mobile network carrier, and browser type.

  • Location Information: Continuous, real-time GPS location data for Riders when the app is active; precise location for Customers when the app is in use; approximate location derived from IP address. Location permissions can be managed via device settings, but disabling precise location may severely limit Platform functionality.

  • Usage & Log Data: Pages/screens viewed, app features accessed, clickstream data, search queries, timestamps, duration of activity, and crash reports/diagnostics data.

  • Cookies & Tracking Technologies: We use first-party and third-party cookies, web beacons, pixels, and SDKs. See our separate Cookie Policy for an exhaustive list and management options.

3.3 Data From Third-Party Sources

  • Background Check Agencies: Criminal record checks and driving history verification for Riders.

  • Payment Service Providers: Transaction status and limited payment account information.

  • Social Media Platforms: Public profile information if you link your account or log in via social media.

  • Credit Information Agencies: Creditworthiness information for merchant partners (with consent).

  • Public Databases & Government Agencies: Validation of business licenses and permits.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

We process your data based on the following legal grounds under the DPA:

A. Service Fulfillment & Contractual Necessity

To create/manage your account, authenticate your identity, and provide the core Platform services (matching, delivery, payment processing).

Legal Basis: Performance of a contract with you (the Terms of Service).

Data Categories Involved: Account, Transaction, Location, Communication.

B. Legal & Regulatory Compliance

To fulfill our tax obligations, comply with business licensing laws, respond to lawful requests from authorities, and prevent fraud/money laundering.

Legal Basis: Compliance with a legal obligation.

Data Categories Involved: Verification Data, Transaction, Account.

C. Legitimate Interests

To maintain Platform security, integrity, and functionality; for network and information security; to prevent fraud and abuse; for direct marketing of similar services (with opt-out); to conduct data analytics for service improvement; to handle customer support and disputes.

Legal Basis: Our legitimate business interests, balanced against your rights.

Data Categories Involved: Technical, Usage, Transaction, Communication.

D. Consent

For specific, optional purposes clearly communicated to you at the point of collection, such as biometric "selfie," precise location for non-essential features, or marketing communications from third-party partners.

Legal Basis: Your explicit, prior consent.

Important: You may withdraw consent at any time.

5. DATA SHARING AND DISCLOSURE

We implement a principle of data minimization in sharing. Your data is only disclosed under strict protocols:

Essential Service Providers (Data Processors): We engage vendors under strict data processing agreements (DPAs). They are prohibited from using your data for any purpose other than providing us their contracted service. These include cloud hosting providers, payment gateways, communication services, analytics providers, and background verification agencies.

Other Platform Users (Necessary for Transaction):

  • Customer data shared with Rider: Name, delivery address, contact number, order details.

  • Rider data shared with Customer: Name, profile photo, vehicle details, real-time location, and contact number.

  • Merchant data shared with Rider: Business name, pickup address, contact number, order details.

Legal & Governmental Authorities: When required by law, subpoena, court order, or if necessary to protect our rights, your safety, or the safety of others, to investigate fraud, or respond to a government request.

Corporate Transactions: In connection with a merger, acquisition, financing, reorganization, or sale of assets, where user data is part of the transferred assets. You will be notified via email and/or a prominent notice on our Platform of any change in ownership.

With Your Express Consent: For any other purpose not listed here, we will seek your clear, separate consent.

6. CROSS-BORDER DATA TRANSFERS

Our primary data centers are located within the Philippines. However, some of our third-party service providers may process or store data in facilities located outside the Philippines.

In such cases, we ensure that:

  1. The recipient country provides an adequate level of data protection as deemed by the Philippine National Privacy Commission (NPC), OR

  2. We establish and enforce legally recognized transfer mechanisms, such as Standard Contractual Clauses (SCCs) approved by the NPC, and ensure the third party provides safeguards equivalent to the DPA.

You may contact our DPO for details on specific international transfers.

7. DATA SECURITY AND INTEGRITY

We employ a layered security approach aligned with international standards:

Administrative Measures: Strict access controls based on the "need-to-know" principle, mandatory data privacy training for all employees, and a comprehensive incident response plan.

Technical Measures: Encryption of data both in transit (TLS 1.2+) and at rest (AES-256); regular security penetration testing and vulnerability assessments; secure coding practices; use of firewalls and intrusion detection/prevention systems.

Physical Measures: Access controls to our data processing facilities.

Retention & Disposal: We retain Personal Data only for as long as necessary to fulfill the stated purposes, or as required by law (e.g., tax records are kept for 10 years). Data is securely destroyed using industry-standard methods upon expiry of the retention period.

8. YOUR RIGHTS AND HOW TO EXERCISE THEM

You have the following rights under the Data Privacy Act:

  1. Right to Access & Data Portability: Request a copy of your Personal Data in a structured, commonly used, and machine-readable format.

  2. Right to Rectification: Request correction of any inaccurate or incomplete data.

  3. Right to Erasure ("Right to be Forgotten"): Request deletion of your data, subject to our legal obligations to retain certain information.

  4. Right to Object: Object to processing based on legitimate interests, including direct marketing.

  5. Right to Restrict Processing: Request a temporary halt to processing while a dispute about accuracy or lawfulness is resolved.

  6. Right to Withdraw Consent: Withdraw previously given consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

  7. Right to Lodge a Complaint: File a complaint directly with the National Privacy Commission (NPC).

Procedure for Requests: Requests must be submitted in writing to the DPO. We will verify your identity before processing any request. We will respond to legitimate requests within a reasonable period, not exceeding thirty (30) calendar days from receipt, as required by law. There is no fee for exercising your rights unless the request is manifestly unfounded, excessive, or repetitive.

9. MINORS' PRIVACY

The Platform is not intended for individuals below the age of eighteen (18). We do not knowingly collect Personal Data from minors. If we become aware that a minor has registered, we will take steps to delete the account and any associated data. Parents or guardians who believe their child has submitted data to us should contact our DPO immediately.

10. AUTOMATED DECISION-MAKING

The Platform uses automated algorithms for purposes essential to the service, including rider-dispatch and order matching, dynamic pricing, fraud detection, and personalized merchant recommendations.

You have the right to contest decisions based solely on automated processing that significantly affect you, by requesting human intervention and expressing your point of view.

11. UPDATES TO THIS POLICY

We may update this Policy to reflect changes in our practices, services, or legal requirements. The "Last Updated" date at the top will be revised. For material changes, we will provide prior notice through the Platform interface and/or via email at least fifteen (15) days before the changes take effect, allowing you to review the changes. Your continued use after the effective date constitutes acceptance of the revised Policy.

12. CONTACT INFORMATION

MISMO PH Digital Solutions OPC

Designated Data Protection Officer (DPO)

[Insert Complete Registered Office Address]

Email: legal@mismoph.com

Hotline: Insert Number Here

For all privacy-related concerns, requests, or complaints, please contact our DPO first. If you are unsatisfied with our response, you have the right to contact the:

National Privacy Commission (NPC)

5th Floor, PIC Building, 351 Sen. Gil Puyat Avenue,

Makati City, Metro Manila, Philippines

Complaint Desk: https://www.privacy.gov.ph/complaints-main/

Hotline: 8234-2228