SmartSari Information and Security Guide

This Information and Security Guide (or “Security Guide”) provides SmartSari Users and other stakeholders with vital and useful information, directions and recommendations related to the protection of Personal Data and other information in the course of their use of the SmartSari Platform, including the SmartSari website and mobile application (“App”), and facilities from authorized service providers, such as partners, vendors, and suppliers.

Users shall be required to read and abide by this Security Guide together with the SmartSari Data Privacy Policy and Terms and Conditions of Use in order to transact on the SmartSari Platform, the SmartSari website and App.

This Security Guide is divided into the following sections:

1. Identity Theft Prevention
2. Fraud Prevention
3. Secure Transaction
4. Data Privacy Management
5. Security for Financial Services
6. Tips for Maintaining Account Security

A. Identity Theft Prevention

Lack of care and irresponsible sharing of SmartSari account and personal information may cause Users to lose control of their SmartSari account and the funds therein. Hackers and other bad actors use account hijacking/phishing practices to steal not only funds and credits but also the identity of Users across many platforms and as part of other criminal schemes. Users may encounter phishing and other attempts to steal their Personal Data and SmartSari account information and the following are reminders to prevent these attempts:

1. SmartSari endeavors to prevent unauthorized access and identity theft. Utmost care in the collection and storage shall be exercised over proofs of payment, identification documents and ID cards, and Savings Book to avoid unauthorized disclosure.
2. Users are likewise expected to be responsible for protecting their Personal Data, such as their e-mail address, username, password, OTPs (One Time Passwords) code, and credit card and banking information. Users shall keep Personal Data and account information related to their SmartSari account private and highly confidential and should not disclose said information to others. Also take care of proofs of payment, ID cards, and bank books to prevent from falling into the hands of parties who may try to take over your account.
3. SmartSari shall communicate only through official channels, such as Instagram, Facebook, Twitter, and WhatsApp Official Accounts and support@smartsari.com. SmartSari Users shall avoid accessing e-mails from unknown or doubtful sources or clicking any suspicious links. Be wary of providing User log-in and Personal Data for such purposes as supposed deliveries, shipping insurance, or other various notifications. When in doubt, confirm with SmartSari through official channels before logging in or providing information.
4. SmartSari Users are reminded that the OTP (One Time Password) is highly confidential and sensitive. OTPs are provided only upon request of and for the use of SmartSari users. Do not share the OTP. It must be entered only on the official SmartSari website/application. SmartSari will not request for your OTP other than for the purpose it was requested by the User.

B. Fraud Prevention

Be wary of scams and frauds perpetrated by unauthorized parties or those that claim to represent SmartSari.

1. SmartSari Users shall pay only the specific amount stated in their transaction bill or invoice generated by their transaction. Do not pay any other amount requested by unauthorized third parties (such as those claiming to be government authorities) or similar requests for additional fees not included in the transaction bill.
2. SmartSari Users shall transact only through the SmartSari website/application. Exercise caution when dealing with parties who claim to represent SmartSari outside official channels, especially those that offer promos, vouchers, gifts, or inform Users of supposed transaction, delivery, verification and/or other issues. Verify through official channels in case of doubt.
3. Be careful of those who act in the name of SmartSari. Don't easily trust parties that claim to act on behalf of SmartSari who offer promos/vouchers/gifts, or inform you of transaction, delivery, verification and other problems. You can see a list of official SmartSari accounts that are stated in official SmartSari website (www.smartsari.com) and support@smartsari.com.

C. Secure Transaction

1. Transactions shall only be conducted through the official SmartSari Payment System. SmartSari shall never require payment through other methods or platforms.
2. SmartSari Users are expected to be aware of their specific billing number. Pay only the specific amount as required by the transaction as stated on the transaction bill from the SmartSari website or App.

D. Data Privacy Management

In accordance with the Terms and Conditions of Use (TCU), the SmartSari Data Privacy Policy and applicable law, rules and regulations, SmartSari collects and processes User's Personal Data which enables it to perform the services required and agreed to by Users, to comply with legal obligations, contractual or otherwise, and necessary for the legitimate interests of SmartSari.

1. SmartSari shall develop and implement a comprehensive data protection strategy through the implementation of its Privacy Management Program. SmartSari shall exercisecontrol of all Personal Data in its custody through reasonable and appropriate organizational, physical and technical measures for the protection and use thereof.
2. Users and other concerned data subjects shall be informed of the Personal Data collected and processed by SmartSari, the purpose thereof, the security measures implemented to protect them, their rights as data subjects, as well as other relevant information through the SmartSari Data Privacy Policy.
3. For the processing of Personal Data that require User consent, SmartSari shall ensure that said consent is freely given, specific, and informed and evidenced by written, electronic or recorded means.
4. Users may suspend, withdraw or request the blocking, removal or destruction of their Personal Data from the SmartSari Platform, including the SmartSari website and App. Users shall be informed that the above request shall result in closing the User account and inability to access SmartSari and related services.
5. SmartSari shall protect and ensure the continued security of Personal Data by operationalizing such technical measures such as encryption while at rest and in transit.
6. SmartSari shall endeavor to make Personal Data consistently available to concerned data subjects by continuously assessing security risks, the appropriate level of security, and employing resilience strategies to address possible contingencies.
7. SmartSari maintains commercial and cooperative endeavours with Related and Authorized Third Parties (as defined by the SmartSari Data Privacy Policy) that may require access to Personal Data and data sharing, under prevailing data-sharing or outsourcing agreements.
8. SmartSari is legally bound to abide by orders, requests and other processes necessary to carry out the functions of public authority, including, the independent, central monetary authority, judicial courts, and law enforcement and regulatory agencies in accordance with the prevailing laws regarding data privacy.
9. SmartSari shall monitor data processing and employ stringent access control protocols for all personnel authorized to have access and process such data, including its employees, contractors, representatives and other Related and Authorized Third Parties.
10. SmartSari will record all Personal Data processing activities and maintain encrypted logs for such necessary period in accordance with the relevant regulatory, contractual, and business requirements.
11. In accordance with every data subject's right to access their personal information, SmartSari will provide access thereto. Logs of data processing and changes, alterations and modifications to User personal information shall be retained only for a period of one (1) year from the date the processing, changes, alterations and modifications were made.
12. Disclosure of Personal Data and the processing or changes done thereon shall be in accordance with law.
13. In accordance with every data subject's right to correction and rectification of errors and inaccuracies, SmartSari Users may request for updating or correction of their Personal Data. Users shall be notified of the corrections done thereon.
14. User-provided Personal Data shall be subjected to data verification through publicly available and other sources of information, including information available through Related and Authorized Third Parties.
15. SmartSari shall store and process User Personal Data only as necessary: a) for the fulfilment of the declared, specified, and legitimate purposes; b) for the establishment, exercise or defense of legal claims; c) based on legitimate order of a law enforcement agency; or d) for legitimate business purposes, which shall be in accordance with applicable laws and regulations. In the absence of said purposes, Personal Data shall be securely destroyed in accordance with the SmartSari Data Privacy Policy.
16. In accordance with its Privacy Management Program, SmartSari shall engage in continued data privacy awareness and education for SmartSari employees, contractors, representatives and other Related and Authorized Third Parties.

E. Security for Financial Services

1. Data privacy and information security measures shall be employed to protect personal data, including use of data encryption.
2. Data and Personal Data relayed through SmartSari Platform will shall be protected and secured to prevent incomplete transmission, misrouting, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or reply.
3. End-to-end encryption shall be employed to secure transmission of User passwords and sensitive Personal Data to avoid exposure at any intermediate nodes and during verification. To safeguard the confidentiality of said information, verification shall occur only in hardened and secure environments.
4. Suspicious or fraudulent online transactions shall be promptly addressed and investigated.
5. SmartSari shall notify Users of suspicious activities or fund transfers above a certain threshold. The notification shall contain such necessary information such as type of transaction and payment amount, as well as instructions on how to report and address unauthorised transactions.
6. SmartSari endeavors to inform Users of security best practices which they should adopt when using SmartSari's financial services. This includes the measures to be taken to secure electronic devices that are used to access financial services.
7. SmartSari shall inform its Users on the means to detect unauthorized transactions and to promptly report security issues, suspicious activities or suspected fraud.

F. Tips for Maintaining Account Security

1. Change your SmartSari and other related account passwords (e-mail, Facebook, Google+, etc.) at least once every 90 days. Make sure that the accounts do not use the same password.
2. Use a password with a combination of letters and numbers and special characters (!, @, #, $ and so on).
3. Be more careful if you access SmartSari from a public place (public wi-fi), or through a device (laptop, cellphone) that doesn't belong to you. Make sure your browser is in Incognito Mode, always log out of your account after using it, and don't forget to clear the history of the browser you are using.
4. If there is suspicious activity that leads to account hijacking, immediately report it to Customer Service via Contact SmartSari: support@smartsari.com.