Privacy Policy
PJ Lhuillier, Inc. (PJLI)
PJ Lhuillier, Inc. (PJLI), the company behind Cebuana Lhuillier, upholds the highest standards of data privacy and is committed to protecting the rights and personal information of all individuals.
PJLI ensures that all personal data collected from clients, customers, employees, partners, suppliers, affiliates, and other stakeholders is processed in accordance with the Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and applicable issuances of the National Privacy Commission (NPC).
PJLI is committed to processing personal data in a lawful, fair, transparent, and secure manner, and to upholding the principles of transparency, legitimate purpose, and proportionality in all its data processing activities.
LAWFUL GROUNDS FOR PROCESSING PERSONAL DATA
PJLI processes personal data only when allowed under the Data Privacy Act of 2012 and applicable regulations. Depending on the nature of the transaction, service, or engagement, PJLI may process personal data based on one or more of the following lawful grounds:
- Consent
Where required by law, PJLI processes personal data based on the freely given, specific, informed, and unambiguous consent of the data subject. Consent may be withdrawn at any time, subject to legal, regulatory, and contractual limitations. - Contractual Necessity
Personal data may be processed when necessary to enter into, perform, or fulfill contractual obligations with customers, employees, partners, and stakeholders, including service delivery and transaction processing. - Legal and Regulatory Compliance
PJLI processes personal data as required to comply with applicable laws and regulations, including Anti-Money Laundering (AMLA) requirements, Know Your Customer (KYC) obligations, tax laws, and lawful orders of government authorities. - Legitimate and Lawful Business Purposes
PJLI may process personal data for fraud prevention, security management, business operations, service improvement, audit activities, complaint handling, and protection of legal rights and interests, provided such processing is consistent with applicable law. - Protection of Life, Health, and Safety
Personal data may be processed when necessary to protect the life, health, safety, or vital interests of a data subject or another individual, particularly in emergency or urgent situations.
PJLI ensures that all processing activities comply with the principles of transparency, legitimate purpose, and proportionality.
PURPOSES OF COLLECTING PERSONAL DATA:
PJLI collects personal information directly from data subjects, through authorized representatives, from lawful third-party sources, or as otherwise required by law and regulation. This information is obtained when you manually or electronically submit inquiries, requests, and transactions and services such as:
- Pawning: We accept a variety of pawn collateral, such as gold jewelry, diamonds, cellphones, watches.
- Jewelry sales
- Domestic and International remittance
- Bills payment/ collection payment services
- Corporate payout
- Load wallet/ e-load
- Microloans
- Insurance application
To process general inquiries or concerns about the products and services we offer:
- Name, Middle Initial, Last name
- Contact information (mobile number and email address)
To process your transactions covered by RA 9160, Anti-Money Laundering Act of 2001, as amended:
- Name
- Present address
- Date and place of birth
- Nature of work, name of employer or nature of self-employment/business
- Contact details
- Specimen signature
- Source of funds
- Permanent address
- Nationality
- Identification Cards
- Name, present address, date and place of birth, nature of work and source of funds of beneficial owner or beneficiary, whenever applicable
- When the customer or authorized representative is a foreign national, passport or Alien Certificate of Registration issued by the Bureau of Immigration
PJLI collects only personal data that is necessary, relevant, and not excessive for the stated purposes.
METHODS AND TIMING OF COLLECTION
Personal data is collected through:
- In-person transactions and submitted forms
- Government-issued identification documents
- Online and mobile platforms
- Customer registration systems
- Authorized representatives or third-party sources
- Regulatory and compliance processes (e.g., KYC/AMLA)
Personal data is collected during account opening, transactions, service applications, updates, and ongoing customer engagement.
Additional information may be collected, when necessary, due to regulatory updates, system enhancements, security requirements, or repeated transactions, with appropriate notice provided where required.
DATA STORAGE, PROCESSING, AND LOCATION
Personal data is stored and processed in secure systems and data centers, which may be physical or cloud-based, operated by PJLI or by duly engaged third-party service providers acting as Personal Information Processors (PIPs).
PJLI implements reasonable and appropriate organizational, physical, and technical security measures, including:
- Access controls and authentication systems
- Encryption of data at rest and in transit
- Secure backup and recovery systems
- Firewalls and intrusion detection systems
- Regular security assessments and audits
- Personnel training on data protection
Where personal data is processed by third parties, PJLI ensures that appropriate contractual safeguards are in place to protect data in accordance with the Data Privacy Act and NPC issuances.
DATA USE AND PROCESSING
Personal data is used only for the purposes for which it was collected, including transaction processing, compliance, and service delivery.
PJLI may perform additional processing activities such as:
- Validation and verification
- Fraud monitoring and detection
- Risk assessment
- System maintenance
- Data quality management
Service-related communications may be sent to customers. Marketing communications shall only be conducted where permitted by law and/or with the data subject’s consent, where required. Data subjects may opt out of marketing communications at any time.
DATA SHARING AND DISCLOSURE
PJLI may share personal data with:
- Authorized employees
- Affiliates
- Service providers and business partners
- Regulatory authorities
- Law enforcement agencies
- Other third parties when required
Such sharing is done only:
- on a need-to-know basis
- for lawful and declared purposes
- in compliance with legal obligations or contractual requirements
PJLI ensures appropriate safeguards through Data Sharing Agreements, Data Processing Agreements, confidentiality agreements, and other contractual mechanisms.
CROSS-BORDER TRANSFER
Where personal data is transferred, accessed, or stored outside the Philippines, PJLI ensures that appropriate safeguards are in place and that such processing complies with the Data Privacy Act of 2012 and NPC requirements.
Safeguards may include contractual protections, security assessments, and technical and organizational measures to protect personal data throughout its lifecycle.
PERSONAL DATA SECURITY AND BREACH MANAGEMENT
PJLI implements appropriate organizational, physical, and technical measures to protect personal data against unauthorized access, use, disclosure, alteration, loss, or destruction.
In case of a personal data breach, PJLI shall:
- Assess and contain the incident
- Investigate and mitigate its impact
- Notify affected individuals and the NPC when required by law
- Implement corrective and preventive measures
PJLI maintains incident response procedures to ensure timely detection, reporting, and resolution of security incidents.
RETENTION AND DISPOSAL
PJLI retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, regulatory, contractual, operational, and audit requirements.
Upon expiry of retention periods, personal data is securely disposed of through appropriate methods such as:
- Secure deletion or overwriting
- Physical destruction of storage media
- Cross-shredding of physical records
- Other industry-standard disposal methods
COOKIE POLICY STATEMENT
PJ Lhuillier, Inc. (“PJLI”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data in accordance with the Philippine Data Privacy Act of 2012, its Implementing Rules and Regulations, applicable issuances of the National Privacy Commission, and other applicable data protection and privacy laws and regulations.
This Cookie Policy explains our use of cookies and similar technologies on our website.
Our website uses only strictly necessary cookies. These cookies are essential for the operation, security, and functionality of the website and do not require user consent under applicable data protection laws.
What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They enable certain website functions and help ensure that the website operates securely and efficiently.
The cookies used on our website are limited to those that are strictly necessary for:
- maintaining secure user sessions;
- enabling core website functionality and navigation;
- protecting the website against security threats and fraudulent activity;
- balancing network traffic and ensuring website availability; and
- remembering technical preferences necessary for the website to function during your browsing session.
These cookies do not collect information for advertising, marketing, profiling, or cross-site tracking purposes.
Depending on the specific cookie, limited technical information may be processed, such as:
- session identifiers;
- browser and device information necessary for compatibility;
- security authentication tokens; and
- technical settings required for website functionality.
This information is processed solely to provide and secure the website and is retained only for as long as necessary to fulfill these purposes.
How We Use Cookies
We use cookies solely to:
- ensure the proper operation of the website;
- provide secure access to website features;
- maintain user sessions during your visit;
- protect against malicious activity and unauthorized access; and
- improve the reliability and availability of our online services through essential technical functions.
We do not use cookies for:
- advertising;
- behavioral or targeted marketing;
- user profiling;
- social media tracking; or
- analytics that require prior consent under applicable data protection laws.
Should we introduce any non-essential cookies in the future, we will first obtain your consent where required by applicable law before placing such cookies on your device.
Managing Cookies
Because the cookies used on our website are strictly necessary for its operation, they cannot be disabled through our website.
You may configure your browser to block or delete cookies. However, doing so may affect the security, functionality, or availability of certain features of the website.
Instructions for managing cookies are available through your browser’s help or support settings.
Third-Party Cookies
Our website does not permit third parties to place non-essential cookies on your device for advertising, marketing, profiling, or analytics purposes.
Where third-party services are used solely to support essential website functionality or security, any cookies deployed by such providers are limited to what is strictly necessary for those purposes and are governed by appropriate contractual and data protection safeguards.
If we engage third-party providers that use non-essential cookies in the future, we will update this Cookie Policy and, where required by applicable law, obtain your consent before such cookies are placed on your device.
Changes to this Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in our website, legal obligations, or operational practices. Any updates will be posted on this page together with the revised effective date.
DATA SUBJECT RIGHTS
Data subjects have the following rights under the Data Privacy Act of 2012:
- Right to be informed
- Right to object
- Right to access
- Right to rectification
- Right to erasure or blocking
- Right to data portability
- Right to lodge a complaint with the NPC
- Right to damages (subject to applicable law and judicial determination)
Requests may be submitted through PJLI’s designated contact channels.
How to Exercise Your Rights
Data subjects may exercise their rights under the Data Privacy Act of 2012 by submitting a written request to PJ Lhuillier, Inc. (PJLI) through the following channels:
For proper handling of requests and to protect personal data from unauthorized disclosure, PJLI may require reasonable verification of identity and/or authority, as well as any additional information necessary to properly evaluate and process the request.
PJLI shall evaluate and respond to valid requests in accordance with applicable laws, regulations, and internal procedures, and within reasonable timeframes as required under the Data Privacy Act of 2012 and applicable issuances of the National Privacy Commission. Requests may be subject to legal, regulatory, contractual, or operational limitations as permitted by law.
How to contact us
For feedback, inquiries, and concerns relating to PJLI products and services, you may contact us at:
For concerns relating to data privacy or the exercise of data subject rights, you may contact PJLI through the email addresses provided above.