5.1 Collection and Use of Data. Client agrees that Mochi may obtain information and data from the Client or its Authorized Users in connection with their registration and use of the Mochi Services including, without limitation, personal information. Mochi may also collect and process technical and performance information about Client’s or its Authorized Users’ use of the Mochi Services and use this information to support and troubleshoot issues, provide updates, analyze trends, and improve Mochi’s Services.
5.2 Authorization to Process Data Client hereby consents to Mochi’s processing and transferring of this information, including, if any, personal information, in conformity with the Mochi Privacy Notice, as updated from time to time.
6.1 "Confidential Information" means any and all information disclosed by Mochi to the Client, or accessed or provided by the Client, relating to the Mochi Services including Client’s or its Authorized Users’ use thereof, the relationship contemplated herein, and feedback, except to the extent made public by Mochi. Confidential Information shall also include any associated functionality or service information; any features or functions of the Mochi Services that are disclosed to Client and are not publicly available including, without limitation, non-public or pre-release tools, services, environments or APIs and any associated documentation, and any and all data or information contained therein (“Mochi Proprietary Elements”).
6.2 Confidentiality Obligations. means any and all information disclosed by Mochi to the Client, or accessed or provided by the Client, relating to the Mochi Services including Client’s or its Authorized Users’ use thereof, the relationship contemplated herein, and feedback, except to the extent made public by Mochi. Confidential Information shall also include any associated functionality or service information; any features or functions of the Mochi Services that are disclosed to Client and are not publicly available including, without limitation, non-public or pre-release tools, services, environments or APIs and any associated documentation, and any and all data or information contained therein (“Mochi Proprietary Elements”).
6.3 Public Announcements. Client shall not make any public announcements related to the Mochi Services without Mochi’s prior written approval, which we may grant or withhold in Mochi’s sole discretion.
6.4 Supersedes Prior Agreements. This confidentiality provision supersedes any prior agreements between the parties solely with respect to Confidential Information described in this Agreement.
6.5 Survival of Agreement. This “Confidentiality” section shall survive the termination of this Agreement and shall continue to apply to the Mochi Proprietary Elements unless and until the Mochi Proprietary Elements become generally available to the public without restriction and through no fault of Client or any of its affiliates, agents, consultants, or employees.
7.1 Reservation of Rights. Subject to the limited rights expressly granted in this Agreement, Mochi, its Affiliates, and licensors reserve all of their right, title, and interest in and to the Mochi services, including all of their related intellectual property rights. No rights are granted to the Client in this Agreement, except what is expressly set forth herein.
7.2 License Granted by Client to Mochi. Client grants Mochi, its Affiliates and applicable contractors a worldwide, limited-term license to host, copy, use, transmit, and display any Non-Mochi Applications and program code created by or for Client for use by Client with the Mochi Services, and Client Data, each as appropriate for Mochi to provide and ensure proper operation of the Mochi Services and associated systems in accordance with this Agreement. If Client chooses to use a Non-Mochi Application with the Mochi Services, Client grants Mochi permission to allow the Non-Mochi Application and its provider to access Client Data and information about Client’s usage of the Non-Mochi Application as appropriate for the interoperation of that Non-Mochi Application with the Mochi Services. Subject to the limited licenses granted herein, Mochi acquires no right, title or interest from Client or its licensors under this Agreement in or to any Client Data, Non-Mochi Application or such program code.
7.3 Publicity Requests. Provided that Mochi obtains Client’s prior written consent (via email is permitted), Mochi may use Client’s name or logo or upon Mochi’s request, a mutually agreed upon comment, quotation or statement related to Client’s use of the Mochi Services, each of which may be used by Mochi as a reference for marketing or promotional purposes in connection with the Mochi Services (“Publicity Rights”). The parties acknowledge and agree that Publicity Rights are not a requirement for Client to test or evaluate the Mochi Services.
7.4 License to Use Feedback. Any feedback provided to Mochi by the Client in connection with the Mochi Services may be used by Mochi to improve or enhance Mochi’s Services and any of its features and/or functionalities and, accordingly, Mochi shall have a non-exclusive, perpetual, irrevocable, royalty-free, worldwide right and license to use, reproduce, disclose, sublicense, distribute, modify and otherwise exploit such feedback without restriction.
Each party represents that it has validly entered into this Agreement and has the legal power to do so.
Mochi warrants that during an applicable subscription term (a) this Agreement, its Appendices, and the Policies will accurately describe the applicable administrative, physical, and technical safeguards for protection of the security, confidentiality and integrity of Client Data, (b) Mochi will not materially decrease the overall security of the Mochi Services, (c) the Mochi Services will perform materially in accordance with the applicable Policies, and (d) Mochi will not materially decrease the overall functionality of the Mochi Services. For any breach of a warranty above, Client’s exclusive remedies are those described in the clauses on “Termination” and “Refund or Payment upon Termination”.
EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, AND EACH PARTY SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. SERVICES PROVIDED FREE OF CHARGE AND BETA SERVICES ARE PROVIDED “AS IS,” AND AS AVAILABLE EXCLUSIVE OF ANY WARRANTY WHATSOEVER.
11.1 Indemnification by Mochi. Mochi shall only defend Client against any claim, demand, suit, or proceeding made or brought against the Client by a third party alleging that any Mochi Services availed of by the client infringes or misappropriates such third party’s intellectual property rights (the “Client Claim”).
11.1.1 Mochi will indemnify Client from any damages, attorney fees and costs finally awarded against Client as a result of, or for amounts paid by Client under a settlement approved by Mochi in writing of, a Client Claim, provided Client:
1.) promptly gives Mochi written notice of the Client Claim
2.) gives Mochi sole control of the defense and settlement of the Client Claim (except that Mochi may not settle any Client Claim unless it unconditionally releases Client of all liability), and
3.) gives Mochi all reasonable assistance, at Mochi’s expense.
11.1.2 If Mochi receives information about an infringement or misappropriation claim related to a Service, Mochi may in its discretion and at no cost to Client:
1.) modify the Mochi Services so that they are no longer claimed to infringe or misappropriate, without breaching Mochi’s warranties;
2.) obtain a license for Client’s continued use of that Service in accordance with this Agreement, or
3.) terminate Client’s subscriptions for that Service upon 30 days’ written notice and refund Client any prepaid fees covering the remainder of the term of the terminated subscriptions.
11.1.3 The defense and indemnification obligations stated in this section do not apply if:
1.) the allegation does not state with specificity that the Services are the basis of the Claim;
2.) a Claim arises from the use or combination of the Services or any part thereof with software, hardware, data, or processes not provided by Mochi, if the Services or use thereof would not infringe without such combination;
3.) a Claim arises from Mochi Services which are provided at no charge;
4.) a Claim arises from a Non-Mochi Application or Client’s breach of this Agreement, Policies and applicable laws and regulations.
11.2 Indemnification by Client. Mochi shall only defend Client against any claim, demand, suit, or proceeding made or brought against the Client by a third party alleging that any Mochi Services availed of by the client infringes or misappropriates such third party’s intellectual property rights (the “Client Claim”).
11.2.1 Client will defend Mochi and its Affiliates against any claim, demand, suit, or proceeding made or brought against Mochi by a third party:
1.) Alleging that any combination of a Non-Mochi Application or configuration provided by Client and used with the Mochi Services, infringes or misappropriates such a third party’s intellectual property rights; or
2.) Arising from Client’s use of the Mochi Services in an unlawful manner or in violations of this Agreement or the Mochi Policies
3.) Arising from the Client Data or Client’s use of the Client Data with the Mochi Services
4.) Arising from a Non-Mochi Application provided by Client (Each a “Mochi Claim”).
11.2.2 Client will indemnify Mochi from any damages, attorney fees and costs finally awarded against Mochi as a result of, or for any amounts paid by Mochi under a settlement approved by Client in writing of, a Mochi Claim, provided Mochi
1.) promptly gives Client written notice of the Mochi Claim,
2.) gives Client sole control of the defense and settlement of the Mochi Claim (except that Client may not settle any Mochi Claim unless it unconditionally releases Mochi of all liability), and
3.) gives Client all reasonable assistance, at Client’s expense.
11.2.3 The defense and indemnification obligations stated in this section do not apply if a Mochi Claim arises from Mochi’s breach of this Agreement, the Policies, or applicable laws and regulations.
11.3 Exclusive Remedy. This “Mutual Indemnification” section states the indemnifying party’s sole liability to, and the indemnified party’s exclusive remedy against, the other party for any third-party claim described in this section.
IN NO EVENT SHALL THE AGGREGATE LIABILITY OF EACH PARTY TOGETHER WITH ALL OF ITS AFFILIATES ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL AMOUNT PAID BY CLIENT AND ITS AFFILIATES HEREUNDER FOR THE SERVICES GIVING RISE TO THE LIABILITY IN THE SIX MONTHS PRECEDING THE FIRST INCIDENT OUT OF WHICH THE LIABILITY AROSE. THE FOREGOING LIMITATION WILL APPLY WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, BUT WILL NOT LIMIT CLIENT'S AND ITS AFFILIATES’ PAYMENT OBLIGATIONS UNDER THE “FEES AND PAYMENT” SECTION ABOVE.
IN NO EVENT WILL EITHER PARTY OR ITS AFFILIATES HAVE ANY LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT FOR ANY LOST PROFITS, REVENUES, GOODWILL, OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF A PARTY OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A PARTY’S OR ITS AFFILIATES’ REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW.
14.1 Term of Agreement. These Terms commence on the Effective Date and will remain in effect unless either party provides written notice of termination upon thirty days’ written notice to the other.
14.2 Term of Subscription. The Term of Subscription shall be as specified in the Appendices applicable to the Mochi Services purchased by Client.
14.3 Termination. A party may terminate this Agreement for cause:
14.3.1 upon 30 days written notice to the other party of a material breach if such breach remains uncured at the expiration of such period, or
14.3.2 if the other party becomes the subject of a petition in bankruptcy or any other proceeding relating to insolvency, receivership, liquidation or assignment for the benefit of creditors.
14.4 Refund or Payment Upon Termination. If this Agreement is terminated by Client in accordance with the “Termination” section above, Mochi will refund Client any prepaid fees covering the remainder of the Term of Subscription after the effective date of termination. If this Agreement is terminated by Mochi in accordance with the “Termination” section above, Client will pay any unpaid fees covering the remainder of the Term of Agreement to the extent permitted by applicable law. In no event will termination relieve Client of its obligation to pay any fees payable to Mochi for the period prior to the effective date of termination.
As we develop the Mochi Services, we may change this Agreement. If we make a material change to the Agreement, we will provide the Client with reasonable notice prior to the change taking effect, either by emailing the email address associated with Client’s account or by messaging the Client through the Mochi Services. The Client can review the most current version of the Agreement at any time by visiting this page. The materially revised Agreement will become effective on the date set forth in Mochi’s notice, and all other changes will become effective upon posting of the change. If the Client accesses or uses the Mochi Services after the effective date, that use will constitute Client’s acceptance of any revised Agreement and conditions.
16.1 Assignment. Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety, without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of its assets. Notwithstanding the foregoing, if a party is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice. In the event of such a termination, Mochi will refund Client any prepaid fees covering the remainder of the term of all subscriptions for the period after the effective date of such termination. Subject to the foregoing, this Agreement will bind and inure to the benefit of the parties, their respective successors and permitted assigns.
16.2 Entire Agreement. This is the entire agreement between the parties relating to the subject matter hereof. If any provision of this Agreement is held by a court of competent jurisdiction to be contrary to law, the remaining provisions of this Agreement shall remain in full force and effect.
16.3 Relationship Between Parties. The parties are independent contractors. This Agreement does not create a partnership, franchise, joint venture, agency, fiduciary or employment relationship between the parties. Each party will be solely responsible for payment of all compensation owed to its employees, as well as all employment-related taxes.
16.4 Waiver. No failure or delay by either party in exercising any right under this Agreement will constitute a waiver of that right.
The address submitted by Client through the Mochi Services shall be the address where Mochi will send the Client the relevant notices. The Mochi entity entering into this Agreement, the address to which Client should direct notices under this Agreement, the law that will apply in any dispute or lawsuit arising out of or in connection with this Agreement, and the courts that have jurisdiction over any such dispute or lawsuit, depend on where Customer is domiciled.
Singapore
Mochi Pte Ltd
#07-12 Manhattan House, 151 Chin Swee Road, Singapore 169876
Singapore
Singapore
Philippines
Mochi Solutions, Inc.
Level 8, Liberty Plaza Building, 102 H.V. Dela Costa Street, Salcedo Village, Bel-Air, Makati City, 1209, Metro Manila, Philippines
Philippines
Makati City, Philippines
This Agreement shall form an integral part of the Mochi Main Services Agreement (MSA). In case of any conflict between the provisions of the MSA and this Agreement, this Agreement shall prevail.
The following terms as used in this Agreement are defined as follows:
2.1 “Consent” refers to any freely given, specific, informed indication of will, whereby the Data Subject agrees to the collection and processing of his/her Personal Data. Consent shall be evidenced by written, electronic or recorded means. It may also be given on behalf of a Data Subject by a lawful representative or an agent specifically authorized by the Data Subject to do so.
2.2 “Data Subject” refers to an individual whose Personal Data is processed.
2.3 “Personal Data” refers to the following terms taken together:
2.3.1 “Personal Information” which refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual;
2.3.2 “Sensitive Personal Information” which refers to information:
2.3.2.1 About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical or political affiliations;
2.3.2.2 About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such individual, the disposal of such proceedings, or the sentence of any court in such proceedings;
2.3.2.3 Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension or revocation, and tax returns; and
2.3.2.4 Specifically established by an executive order or an act of Congress to be kept classified.
2.3.2.5 Any and all forms of data, which, under the Rules of Court and other pertinent laws constitute as privileged communication.
2.3.2.6 Data about the financial or economic situation of the Data Subject; usernames, passwords and other login data; biometric data; copies of identification documents, licenses or unique identifiers like Philhealth, SSS, GSIS, Tax Identification numbers; or other similar information, which may be made the basis of decisions concerning the data subject, including the grant of rights or benefits.
2.4 “Applicable Privacy Laws” refers to the privacy, data protection, and information security laws that are applicable to the data being processed by Mochi.
2.5 “Mochi Data” refers to data which is transferred or given access to by Mochi to Mochi under this Agreement.
2.6 “Processing” refers to any operation or set of operations performed upon the Mochi Data including, but not limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure or destruction of the Mochi Data. Processing may be performed through automated means, or manual processing, if the Personal Data are contained or are intended to be contained in a filing system.
2.7 “Data Controller” refers to a natural or juridical person, or any other body, who controls the processing of personal data, or instructs another to process personal data on its behalf.
2.8 “Data Processor” refers to any natural or juridical person or any other body to whom a data controller may outsource or instruct the processing of personal data.
2.9 “Data Sharing”means the sharing, disclosure, or transfer to a third party of personal data under the custody of a data controller to another data controller.
2.10 “Data Outsourcing” means the sharing, transfer, or disclosure of personal data that is incidental to a subcontracting agreement between a data controller and a data processor.
2.11 “Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Mochi Data transmitted, stored, or otherwise processed. A data breach may be in the nature of:
2.11.1 availability breach resulting from lost, accidental or unlawful destruction of Mochi Data;
2.11.2 integrity breach resulting from unauthorized alteration; and/or
2.11.3 confidentiality breach due to unauthorized disclosure of or access to Mochi Data.
2.12 “Services” means the obligations of Mochi under the MSA.
3.1 Where the Personal Data processed by Mochi on behalf of the Client is part of the Mochi Services, Client shall be the Data Controller and Mochi shall be the Data Processor, and the transfer shall constitute Data Outsourcing. In this regard, the provisions on the General Obligations of Mochi and the Obligations Applicable to Data Outsourcing shall apply to the data transfer.
3.2 Where the Personal Data processed by Mochi is not part of the Mochi Services, Mochi shall act as a Data Controller and shall comply with the provisions on the General Obligations of Mochi and shall be responsible for ensuring that the Personal Data has been, and will continue to be, collected, and processed in accordance with the requirements of Applicable Privacy Laws.
The details of the Processing to be performed by Mochi is set out in Annex 1 of this Agreement.
5.1 At all times, Mochi shall comply with Applicable Privacy Laws and the terms set out in this Agreement.
5.2 Client shall ensure that the data transfer to Mochi is legitimately made in accordance with Applicable Privacy Laws, including requirements relating to notice, consent, and documentary requirements, as applicable.
6.1 At all times, Mochi shall comply with Applicable Privacy Laws and the terms set out in this Agreement.
6.2 Mochi shall make available to Client all information reasonably necessary to demonstrate compliance with the obligations laid down in this Agreement and allow or and contribute to audits, including inspections of Mochi’s facilities, equipment, documents and data relating to the Processing of Mochi Data conducted by Mochi or its nominated representatives or auditors upon at least fifteen (15) days prior written notice to the Client.
6.3 Implement reasonable and appropriate organizational, technical, and physical security measures intended to ensure the protection of the Client Data from any accidental or unlawful access, destruction, alteration, modification, loss, and disclosure, including, but not limited to:
6.3.1 Limiting access to the Client Data only to authorized personnel who have a need to access the Client Data in order to fulfill the obligations under the MSA or this Agreement;
6.3.2 Ensure that such authorized personnel are contractually bound by non-disclosure and confidentiality obligations as regards the Mochi Data;
6.3.3 Measures that will prevent unauthorized access to or modification of systems or equipment used to perform the obligations under the MSA, including the prevention, detection, and remediation of viruses, among other similar threats to the confidentiality, integrity, and availability of the Client Data;
6.3.4 Transmission of the Client Data in a secure environment
6.3.5 Protection against natural and human dangers, including flood, fire, unlawful access, fraudulent misuse, etc.
6.4 Mochi shall ensure that any subcontractors engaged by Mochi to process Client Data are contractually bound to implement the same level of safeguards required by this Agreement.
7.1 Obligations of the Data Processor.
Where Mochi acts as a Data Processor on behalf of the Client, it shall:
7.1.1 Process the personal data only upon the documented instructions of the Client and the terms of the MSA, including transfers of Client Data to another country or an international organization, unless such transfer is authorized by law;
7.1.2 Ensure that an obligation of confidentiality is imposed on persons authorized to process the Client Data;
7.1.3 Implement appropriate security measures and comply with Applicable Privacy Laws;
7.1.4 May engage another processor with prior written notice to the Client; Provided, that any such arrangement shall ensure that the same obligations for data protection under the contract or legal act are implemented, taking into account the nature of the processing;
7.1.5 Assist the Client, by appropriate technical and organizational measures and to the extent possible, fulfill the obligation to respond to requests by Data Subjects relative to the exercise of their rights;
7.1.6 Assist the Client in compliance with Applicable Privacy Laws, taking into account the nature of processing and the information available to the Client;
7.1.7 At the choice of the Client, delete or return all Client Data to Mochi within thirty (30) days after the end of the provision of services relating to the processing: Provided, that this includes deleting existing copies unless storage is authorized by Applicable Privacy Laws.
7.1.8 Make available to the Client all information necessary to demonstrate compliance with the obligations laid down in Applicable Privacy Laws, and, within commercially reasonable efforts, cooperate in audits, including inspections, conducted by the Client or another auditor authorized by the Client;
7.1.9 Immediately inform the Client if, in its opinion, an instruction infringes Applicable Privacy Laws.
7.2 Data Breach Management
Within twenty-four (24) hours of becoming aware of any unauthorized use or disclosure of the Client Data or any security incident or possible security breach, Mochi shall promptly report such fact to the Client.
8.1 Suspension. This Agreement may be suspended when any of the Parties are under investigation by local data protection authorities for a data breach requiring mandatory notification, as defined under Applicable Privacy Laws. Such suspension shall commence upon the issuance of an order for investigation by the relevant local data protection authority.
8.2 Termination.
8.2.1 Termination of MSA. Termination of the MSA shall result in the termination of this Agreement.
8.2.2 Termination for Material Breach. So long as the rights and welfare of the Data Subjects will not be prejudiced, each party may terminate this Agreement with immediate effect by delivering notice of the termination to the other party if:
8.2.2.1 The other party fails to perform, or otherwise materially breaches, any of its obligations, covenants, or representations, and
8.2.2.2 the failure, or breach continues for a period of thirty (30) days after the injured party delivers notice to the breaching party reasonably detailing the breach
8.2.3 Termination Due to External Circumstances. This Agreement may be terminated by either party upon the issuance by the National Privacy Commission of a temporary or permanent ban on the processing of Personal Data.
8.2.4 Termination on Notice. Either party may terminate this Agreement on any valuable cause on through a written notice delivered to the other party thirty (30) days prior to the termination date.
9.1 Both Parties are not under any restriction or obligation that could affect its performance of its obligations under this Agreement.
9.2 Neither Party’s execution, delivery, and performance of this Agreement and the other documents to which it is a party, and the consummation of the transactions contemplated in this Agreement, do or will result in its violation or breach of Applicable Privacy Laws, and other related and applicable laws, or conflict with, result in a violation or breach of, constitute a default under, or result in the acceleration of any material contract.
9.3 Mochi provides the data to Service Provider as is and does not make any warranty as to the accuracy or completeness of the data.
10.1 The Client Data shall be purged or anonymized within thirty (30) days from the termination of the MSA.
10.2 Upon termination or expiration of this Agreement, Mochi may anonymize the Client Data for its own use.
1. General Details
Purpose of Data Transfer
Performance of Services described in the MSA
storage and other processing necessary to provide, maintain, and improve the Mochi Services provided to Client;
To provide customer and technical support to client; and
Other related and reasonably expected purposes, including, but not limited to, audit, corporate governance, fraud prevention and detection, information security, filing of legal claims, and contract management.
Legal Basis of Data Transfer
Contract
Categories of Personal Information Subject of the Data Transfer
User Details:
Information associated with integrated service account (where client signs up for a Mochi account using third-party integrated services such as Google, Microsoft, or Xero, among others)
First Name
Last Name
Middle Name (optional)
Mobile Number
Email Address
User Photo
User Role
Company Details:
Company Name
Company Logo
Company Address
Company Contact Number
Type of Business
Position
Link to Website
Link to Social Media Account
DTI Registration
Bank/Payment Details:
Bank Name
Bank Address
Account Name
Account Number
Swift Code
Disbursement Method
Categories of Sensitive Personal Information Subject of the Transfer
Government ID
Tax Identification Number
Method of Processing
(How will Service Provider Process the Data?)
Method of Processing
(How will Service Provider Process the Data?)
Manner of Transfer
(Transfer includes read-only access, file transfer protocol, server/database access, etc.)
Email
Estimated Number of Data Subjects
(Please estimate the number of individuals whose personal information will be disclosed by the client to Mochi)
1-100 individuals
Where Data Subjects are Located
Philippines
Origin Country/ies of Personal Data
Philippines
Country/ies Where Personal Data will be Transferred
Philippines, Singapore
Will Mochi subcontract the processing of the Personal Data?
(Should include cloud storage providers like Azure, AWS, etc.)
Yes
Name of Subcontractor: AWS, Kinde, Ingest, Sentry
Address of Subcontractor: Seattle, Washington, United States
Countries where the Subcontractor will process Personal Data
1. Singapore
2. Australia
Processing activities to be performed by the subcontractors on behalf of Service Provider:
1. AWS - Data storage
2. Kinde - Authentication service
3. Inngest - Background worker
4. Sentry - Error tracking and management
Data Protection Officers
Mochi Solutions Pte Ltd
Name of DPO: Yroen Guaya Melgar
Contact Number: +639163667780
Email Address: data@mochi.ph
Term of Data Transfer
co-terminus with MSA
Retention Period
10 years
Method of Data Disposal
Obfuscation of personal data after 10 years of non-use
2. Security Measures
Technical Security Measures
All secret keys are managed by the AWS Secret Manager. The in-house engineering team does not have copies of sensitive access keys. Infrastructure managed by AWS is only connected to a private AWS network. All sensitive traffic is encrypted.
Organizational Security Measures
2FA is implemented for these services:
1. Github
2. AWS
3. Gmail
4. Discord
All client and customer details are encrypted.
Physical Security Measures
There is access security implemented for all devices. If a device gets stolen, a data breach protocol is automatically executed.
3. Operational Details
Description of Process Flow
The client provides personal information to Mochi by inputting it on the Mochi platform. This includes the personal information of the client (where the client is a sole proprietor), the client’s authorized users, the client’s employees, and the client’s customers. When the client avails of the Payment Linking Services, the personal information required by the third-party payments provider to facilitate such services may be disclosed by Mochi to the third-party payments provider.
Reasons for Granting Access to the Transferred Personal Data
To process requested service
Identity verification
Fraud prevention
Troubleshooting
Parties Granted Access to the Transferred Personal Data
Mochi Employees
Third Party Payment Provider (only when payment service is availed of by client)
Frequency of Access
Real-Time Transfer
4. Data Subject Requests
Contact Information of Person Responsible for Addressing Data Subject Requests
Name: Yroen Guaya Melgar
Email Address: data@mochi.ph
How Data Subjects may submit requests in the exercise of their rights
Email data@mochi.ph
