LTOPFPG MercantileBagong Pilipinas
HomeMDMIPPolicy InformationOfficeRegister

Privacy policy - Effective 21 June 2026

Privacy Policy

A plain-language notice describing how the MDMIP portal handles personal and sensitive personal information under the Philippine Data Privacy Act of 2012.

Coverage reminder

The portal is a legal-tech workflow tool. Registration does not activate coverage until payment, document review, certificate issuance, and official activation are complete.

1. Scope and accountable parties

This notice applies to the MDMIP portal and its authorized program operators. It covers customer, beneficiary, agent, employee, applicant, payer, and visitor information processed through the website, related support channels, email notices, document uploads, receipts, exports, and authorized servicing workflows. Depending on the activity, LTOP and program operators may act as a personal information controller or processor for portal workflows, while insurers, FPG Mercantile or Mercantile coordination partners, payment providers, hosting providers, email providers, identity-verification services, and other partners may act as separate controllers or contracted processors for their defined functions.

2. Information we process

We may process identity and contact details; birth date, sex, address, association and transport information; beneficiary details; government-issued ID and KYC records; account identifiers and credentials; application, policy, certificate, payment, remittance, claim, receipt, export, and support records; uploaded photos and documents; consent and declaration records; device, browser, IP, security, location when requested and permitted, audit, and login data. Some records may be sensitive personal information under Philippine law.

3. Purposes and lawful grounds

We process information to create and secure accounts; verify identity and eligibility; receive and review applications; coordinate payment, policy issuance, servicing, proof-of-coverage release, receipts, exports, claims, and the expected 24 to 72 hour post-payment review and activation workflow; communicate status and support; prevent fraud and abuse; keep audit and accounting records; meet legal or regulatory duties; and establish, exercise, or defend legal claims. Depending on the activity, processing is based on consent, steps requested before or during a contract, compliance with law, protection of lawful rights and interests, or another ground allowed by Republic Act No. 10173, the Data Privacy Act of 2012, and its implementing rules.

4. Sources and required fields

Information comes from you, an authorized representative or agent, your organization, authentication and payment providers, insurance and servicing partners, uploaded records, and normal system activity. Fields marked required are needed to complete the stated workflow. If required information is withheld or cannot be verified, an account, application, payment match, certificate, receipt, export, or service request may be delayed or unavailable.

5. Sharing, processors, and international transfers

We disclose only what is reasonably necessary to authorized LTOP personnel, assigned agents, FPG Mercantile or Mercantile coordination contacts, insurers and servicing partners, payment and banking providers, cloud hosting and database providers, email and communications providers, verification vendors, professional advisers, auditors, regulators, law-enforcement bodies, courts, or other parties when authorized or required. Some technology providers may process data outside the Philippines. In those cases, contractual, organizational, and technical safeguards appropriate to the processing are required.

6. Retention and disposal

Records are retained only for the period reasonably necessary for the stated purpose and for applicable insurance, tax, accounting, anti-fraud, audit, dispute, limitation, and regulatory requirements. Retention depends on record type, account status, legal duties, and unresolved claims or investigations. When retention is no longer justified, records are securely deleted, anonymized, or disposed of, subject to reliable backup-cycle limitations.

7. Security and incident response

We use role-based access, authenticated sessions, encryption in transit, restricted storage, audit logging, validation, monitoring, backups, and administrative controls appropriate to the nature of the records. Providing affordable insurance access does not reduce our obligation to protect personal and sensitive personal information. No internet service can promise absolute security. Suspected incidents are investigated and, when legally required, affected individuals and the National Privacy Commission are notified within the applicable period.

8. Your data-subject rights

Subject to lawful exceptions, you may request to be informed, access personal data, correct inaccuracies, object to certain processing, request erasure or blocking, obtain data portability where applicable, withdraw consent for future consent-based processing, lodge a complaint, and seek damages when legally available. We may verify identity, authority, and the scope of a request before acting. Some information must be retained or processed despite a request when law, insurance records, accounting duties, fraud prevention, or legitimate legal claims require it.

9. Cookies, sessions, and automated decisions

The portal uses essential cookies and similar storage for authentication, security, preferences, checkout continuity, and reliable operation. Disabling essential storage may prevent sign-in or transaction completion. The portal may flag records or calculate workflow statuses, but material insurance eligibility, issuance, claim, suspension, or payment decisions should remain subject to authorized review and the governing policy or provider rules.

10. Children, representatives, and accuracy

The portal is not directed to children who cannot lawfully provide the required information or consent. A parent, guardian, or duly authorized representative must act where required. Users and representatives must provide accurate information, keep it current, and avoid submitting another person's data without authority.

11. Requests, complaints, and updates

For privacy requests or complaints, email ltoptransport@gmail.com or use the official support channels listed on the portal. Include enough information to identify the account and request, but never send passwords or one-time codes. This notice may be updated for operational, legal, or regulatory changes; the effective date and material changes will be shown here.

Legal reference: Republic Act No. 10173 and its implementing rules, including data-subject rights, security of personal information, and accountability principles. This public notice should be reviewed with the organization's Data Protection Officer and Philippine counsel before production adoption.

(c) 2026 MDMIP. All rights reserved.MDMIP ProgramLTOP InsuranceFPG Mercantile LTOPTransport Driver InsuranceMember RegistrationPayment StatusQRPH Payment GuideOffice LocationPrivacyTerms and ConditionsAPI DocumentationPolicy InformationPolicy Guidelines