Privacy Policy

This Privacy Policy is hereby adopted in compliance with Republic Act No. 10173 or the Data Privacy Act of 2012 (DPA), its Implementing Rules and Regulations, and other relevant policies, including issuances of the National Privacy Commission.

XML Employees Multi-purpose Cooperative (referred herein as “XEMCO”, “we”, “us” and “our”) respects and values data privacy rights, and makes sure that all personal data collected from our members, employees, vendors, partners, affiliates and other stakeholders, are handled in adherence to the general principles of transparency and legitimate purpose.

This Privacy Policy explains:
What information we collect and why we collect it
How we use the information and to whom we may disclose it
The choices available for you to manage your personal information
How we protect your personal information

Definition of Terms

“Data Subject” refers to an individual whose personal, sensitive personal or privileged information is processed by the organization. It may refer to officers, members, employees, consultants, and clients of this organization.

“Personal Data” refers to all types of personal information, including privileged information.

“Personal Information” refers to any information whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information or when put together with other information would directly and certainly identify an individual.

“Privileged Information” is any, and all forms of data which, under the Rules of Court and other pertinent laws, constitute privileged communication.

“Processing” refers to any operation or any set of operations performed upon personal information including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of data.

“Sensitive Personal Information’ is personal information that includes your age, date of birth, marital status, social security, and other government identification numbers, and financial information.

Collection of Personal Data

  1. Personal Data: As part of our dealings with you, we may collect your personal data including but not limited to:
    • a. Your name, gender, marital status, name of your spouse, age, date of birth, address, contact numbers, email address, proof of identification, and any other information relating to you which you have provided us in submission of any form as a result of our interaction with you;
    • Your bank account number and information about your existing loans/financing that you provide us in availing of our products and services;
    • Your work-related information regarding your company, and dates of hiring and regularization; and
    • Your employment history, education background and resume when you apply for a job with us.
  2. Collecting Personal Data: We may collect and store your Personal Data in a various ways:
    • When you apply for membership or loans with us by filling out either a manual application form or an online application form;
    • When you provide personal information for your inquiries, requests and complaints;
    • When you respond to surveys, marketing promotions and other initiatives;
    • When you submit a job application;
    • When you visit, browse and use any of the services on our website;
    • When we receive referrals from third parties or our business partners; and
    • When you submit your personal information to us for any other reason.
  3. Personal Data Other Than Yours
    When you disclose to us another person’s personal data (i.e. your spouse, children and/or parents), you attest that consent has been obtained from that person to disclose and process personal information in accordance with this policy.

Use and Disclosure of Personal Information

XEMCO collects, uses and discloses your personal data for the following purposes:

  1. Manage your account and provide services timely and efficiently;
  2. Communicate relevant services — advisories including responses to your queries, requests and complaints;
  3. Participate in any promo, special event and CSR activities of the Cooperative;
  4. Provide information about our products and services which may be of interest to you;
  5. Processing your application for employment when you submit an application with us;
  6. Comply with the requirements of the law and legal proceedings such as court orders, and comply with legal obligation or to prevent imminent harm to public security safety or order;
  7. To prevent, detect and investigate crime, including fraud and money-laundering, and to analyze and manage other commercial risks; and
  8. Process information for statistical, analytical, promotional, and research purposes.

We may disclose your personal information to the following as reasonably necessary, depending on the product and/or service availed:

  1. Our employees, officers and consultants;
  2. Third party service providers that have been contracted by XEMCO to provide technical and other services;
  3. Professional advisers such as lawyers and auditors;
  4. Insurers, receivable financing companies and credit providers; and
  5. Any third-party businesses offering goods and services, or sponsor contest or other marketing and promotional programs.


We may disclose your personal information:

  1. To the extent that we are required to do so, by the law;
  2. In connection with any ongoing or potential legal proceedings;
  3. In order to establish, exercise or defend our legal rights, including providing information to others for the purposes of fraud prevention and reducing credit risk; and
  4. To any person who we reasonably believe may apply to a court or other competent authority for disclosure of such personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of such personal information.

Any company with which we share information about you for the above purposes, is contractually required to comply with confidentiality standards, undertake to respect any individual’s right to privacy and comply with the DPA. We also require that these organizations use this information only for our purposes and follow our reasonable directions with respect to this information. These include organizations which handle or obtain Personal Data as service providers for XEMCO.


Personal information that you publish on our website or submit for publication on our website are handled with utmost confidentiality. If the personal information that you provided are also available publicly, via the internet, we cannot prevent the use or misuse of such information by others.

Accessing and Updating Your Personal Information

You can access and update your personal information by sending an email to or login to the XEMCO website.

Personal Data Retention and Schedule

We keep your data only for as long as necessary:

  1. For the fulfillment of the declared, specified and legitimate purposes provided above, or when the processing relevant to the purpose has been completed or terminated;
  2. For the establishment, exercise or defense of legal claims; and
  3. For other business purposes that are consistent with standards, established or approved by the regulatory agencies governing XEMCO.

Thereafter, your personal data shall be disposed or discarded in a secure manner that would prevent further processing, unauthorized access, or disclosure to any other party or the public.

Withdrawal of Consent

If you wish to withdraw your consent given for any or all purposes set out in this Policy, you may send your detailed request to Depending on the nature of your withdrawal consent, XEMCO may not be able to continue to provide our products and services to you.

Security Safeguard

We implement physical, electronic and managerial procedures to safeguard and help prevent unauthorized access to your information. We opted for these safeguards based on the sensitivity of the information that we collect, process and store, and the current state of technology. Although we take measures to safeguard against unauthorized disclosures of information, the Internet is not 100% secure so we cannot assure you that information we collect or store will be protected from all unauthorized access and thereby used in a manner that is inconsistent with this Privacy Policy.

Third Party Websites

Our websites may contain hyperlinks and details of third-party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties. We therefore advise you to check their privacy policy and determine how they will handle any information they collect from you.

Cookies and Similar Technologies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the cookie will be stored in your machine, and helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes, after which the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Management and Security

In compliance with the DPA and this Privacy Policy, a Data Protection Officer for XEMCO has been appointed to manage and safeguard the handling of your Personal Data. The XEMCO Board of Directors is committed to ensure that its Privacy Management Program is constantly reviewed, monitored and enhanced.

Updates to the Policy

XEMCO will review and amend this Privacy Policy as needed, if there are changes due to new laws and regulation affecting the DPA, and if there are changes in our business operations and environment. Any updates/changes will be posted on XEMCO’s website so that you are informed of the latest Policy updates.