Privacy Statement and Notice Data Subjects Privacy
Rang-ay Bank (A Rural Bank), Inc. (or hereinafter referred to as the “Bank”) is committed to the proper handling and safeguarding of your personal data. As a data subject, we value and assure you that the Bank protects and respects your privacy, personal data and your rights.
This privacy statement applies to past, present and prospective Bank clients and anyone involved in any transaction or business relationship with the Bank whether it’s in your personal capacity or as a representative of a legal entity (for example, a company executive officer, agent, legal representative, operational personnel, etc.) and non-Bank clients such as payees, contact persons of corporate clients and Bank partners, and other persons involved in the financial services in whatever capacity, subject to data retention regulations and Bank policy.
This data privacy notice informs you how the Bank collects your personal data and how we process it in the course of your business with us in compliance with the requirements of the Data Privacy Act of 2012.
WHAT ARE THE TYPES OF DATA THAT WE COLLECT?
Data for Identification
Personal data that we collect through our official website are limited to what will allow us to properly respond to your queries about the Bank’s product and service offerings as well as complaints. In order for us to do this, we gather only the following personal data from you through our website: Name, Address, Phone, and E-mail Address.
As a matter of implementing the Bank’s customer identification process, our banking offices collect the minimum information and other required information subject to applicable laws.
Data for Availment of the Bank’s Products and Services
It includes your identification data; transaction data such as account numbers and reference numbers related to your account and other data required to process your transaction that can be found on the transaction ledger maintained by the Bank; biometric data processed by the bank which includes the use of data captured through fingerprint recognition, facial recognition technology and liveliness detection mechanisms; financial data such as invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, financial products you have with the Bank, whether you are registered with a credit register, payment arrears and income information; sensitive personal data that includes a person’s racial or ethnic origin, political affiliations, religious affirmations; socio-demographic data whether you are married and have children; and, data about your interests and needs that you share with us through the accomplishment of Bank surveys for the purpose of continuously improving the Bank products and services.
We will not record sensitive data relating to your health, ethnicity, religious or political beliefs unless it is necessary. When we do, it is limited under specific circumstances that will be communicated to you requiring your consent.
WHAT IS THE PURPOSE OF OUR DATA COLLECTION?
We use your personal data for legitimate purposes, as follows:
To facilitate the administration, servicing and implementation of the maintenance of your accounts and transactions.
To implement our credit risk management framework such as credit risk and behavioural analysis in assessing your ability to repay a loan based on your personal data and other required information.
To operationalize our products and services delivery.
To provide you with suitable products and services by gathering and analyzing the information collected for the improvement and development of the Bank’s products and services.
To manage customer relationships through your feedbacks, notes we have acquired during conversations with you by our employees in person / via telephone / via website regarding your business dealings and transactions with us as well as personalized marketing.
To prevent and detect fraud and unusual activities that may compromise data security.
To comply with internal and external reporting requirements as part of statutory directives and legal obligations.
HOW DO WE PROTECT, SHARE AND RETAIN DATA?
In keeping your data safe from cybercrime, estafa, fraud, identity theft, financial crimes such as money laundering, terrorism financing, and tax fraud, we implement an internal framework of policies and standards across all our banking offices and business dealings and transactions to include a combination of secure computer and centralized storage facilities and paper-based files and other records. These policies and standards are periodically reviewed, updated and enhanced to be aligned with regulations and market developments. Appropriate measures and controls are operationalized to ensure the confidentiality, integrity and availability of your personal data and how it is processed.
We will not share nor disclose your personal data to any third-party without your explicit consent; however, we are bound to do so under particular circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities. Moreover, Bank directors, officers and employees are subject to confidentiality and are not required to disclose your personal data unlawfully or unnecessarily.
To optimize our operational capacity and efficiency, consistent with state laws and in line with regulatory rules and procedures as a supervised entity, we may share your data with the following:
Regulatory Bodies and Other Government Authorities
To comply with the directives of our primary regulators
To comply with our regulatory obligations on preventing money laundering and terrorism
To comply with regulations on central credit information
To comply with tax regulations
To comply with periodic examination and audit conducted by authorized parties To comply with legal requests or court orders on judicial/investigative matters such as the police, public prosecutors, courts and arbitration/mediation bodies
Financial / Remittance Institutions
There are products and services provided by the Bank where other financial/remittance institutions are involved such as the transfer of funds and settlement of payments where your name, address, birthdate, place of birth and account/reference number as sender or beneficiary will be shared or collected.
We engage service providers as subject to a thorough due diligence process. We use personal data that are required for a particular service we engage in. The Bank activities supported by our service providers include:
Placement of advertisements on apps, websites and social media
Preparation of reports, statistics and related models, printed materials and product design
Designing and maintaining of inter-based tools and applications
Collection of funds
Performance of approved services and operations
We keep your personal data for a period not exceeding ten (10) years per BIR regulation or for as long as it is necessary in congruence to regulatory provisions on data retention. We will only keep records of your data beyond the retention period required by regulations, if we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities. Your digital and physical files will be disposed after this duration.
WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
As a data subject you are entitled to the following rights:
Right to be informed
You have a right to be informed whether your personal data shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
You shall be notified and furnished with information indicated hereunder before the entry of your personal data into the processing system of the personal information controller, or at the next practical opportunity:
Right to Object
You shall have the right to object to the processing of your personal data, including processing for direct marketing, automated processing or profiling. You shall also be notified and given an opportunity to withhold consent to the processing in case of changes or any amendment to the information supplied or declared to the data subject in the preceding paragraph.
When you object or withhold consent, the personal information controller shall no longer process the personal data, unless:
The personal data is needed pursuant to a subpoena;
The collection and processing are for obvious purposes, including, when it is necessary for the performance of or in relation to a contract or service to which you are a party, or when necessary or desirable in the context of an employer-employee relationship between you and the collector; or
The information is being collected and processed as a result of a legal obligation.
Right to Access
You have the right to reasonable access to, upon demand, the following:
Contents of your personal data that were processed;
Sources from which personal data were obtained;
Names and addresses of recipients of the personal data;
Manner by which such data were processed;
Reasons for the disclosure of the personal data to recipients, if any;
Information on automated processes where the data will, or is likely to, be made as the sole basis for any decision that significantly affects or will affect you;
Date when your personal data were last accessed and modified; and
The designation, name or identity, and address of the personal information controller.
Right to Rectification
You have the right to dispute the inaccuracy or error in the personal data and have the personal information controller correct it immediately and accordingly, unless the request is vexatious or otherwise unreasonable. If the personal data has been corrected, the personal information controller shall ensure the accessibility of both the new and the retracted information and the simultaneous receipt of the new and the retracted information by the intended recipients thereof: Provided, That recipients or third parties who have previously received such processed personal data shall be informed of its inaccuracy and its rectification, upon your reasonable request.
Right to Erasure or Blocking
You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data from the personal information controller’s filing system.
This right may be exercised upon discovery and substantial proof of any of the following:
The personal data is incomplete, outdated, false, or unlawfully obtained;
The personal data is being used for purpose not authorized by the data subject;
The personal data is no longer necessary for the purposes for which they were collected;
The data subject withdraws consent or objects to the processing, and there is no other legal ground or overriding legitimate interest for the processing;
The personal data concerns private information that is prejudicial to you, unless justified by freedom of speech, of expression, or of the press or otherwise authorized;
The processing is unlawful;
The personal information controller or personal information processor violated your rights.
The personal information controller may notify third parties who have previously received such processed personal information.
Right to damages.
You shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal data, taking into account any violation of your rights and freedoms as data subject.
WHAT ARE YOUR DUTIES AS A DATA SUBJECT?
To commence and execute our duties as a bank and fulfil our associated contractual duties, you will duly provide certain information based on the requirements of the Bank.
There is also information that we are legally obliged to collect. Without these data we may not be able to open an account for you or perform certain banking activities
SCOPE OF THIS PRIVACY STATEMENT
If you wish to exercise any of your rights or have further inquiries regarding how the Bank manages and handles your personal data, you may reach out to our Data Protection Officer at firstname.lastname@example.org. For complaints and other concerns, you may contact our Consumer Support Unit at email@example.com.
Bank is supervised by the Bangko Sentral ng Pilipinas (BSP). You may also call or email the BSP’s Financial Consumer Protection Department at (02) 708-7087 or firstname.lastname@example.org.