Updated April 10, 2019
Personal Information refers to any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual. Sensitive Personal Information is any attribute of your personal information that can discriminate, qualify, or classify you such as your age, date of birth, marital status, government-issued identification numbers, account numbers, and financial information. Privileged Information is any and all forms of information which, under the Rules of Court and other pertinent laws, constitute privileged communication (i.e. lawyer-client, priest-confessor, doctor-patient).
Under the Data Privacy Act of 2012, you have the following rights: (1) Right to be informed – you may demand the details as to how your personal information is being processed or has been processed by the Company, including the existence of automated decision-making and profiling systems; (2) Right to access – upon written request, you may demand reasonable access to your personal information, which may include the contents of your processed personal information, the manner of processing, sources where they were obtained, recipients and reason of disclosure; (3) Right to dispute – you may dispute inaccuracy or error in your personal information in the Company systems through our representatives; (4) Right to object – you may suspend, withdraw, and remove your personal information in certain further processing, upon demand, which includes your right to opt out of any commercial communication or advertising purposes from the Company; (5) Right to data erasure – based on reasonable grounds, you have the right to suspend, withdraw or order blocking, removal or destruction of your personal data from the Company’s filing system, without prejudice to the Company’s continuous processing for commercial, operational, legal, and regulatory purposes; (6) Right to secure data portability – you have the right to obtain from the Company your personal information in an electronic or structured format that is commonly used and allows for further use; (7) Right to be indemnified for damages – as data subject, you have every right to be indemnified for any damages sustained due to such violation of your right to privacy through inaccurate, false, unlawfully obtained or unauthorized use of your information; and (8) Right to file a complaint – you may file your complaint or any concerns with our Data Protection Office at 33/F UnionBank Plaza, Meralco Avenue corner Onyx Road, Pasig City, 1600, Metro Manila, Philippines or email@example.com and/or with the National Privacy Commission through www.privacy.gov.ph
All the personal information we collect about you may be combined and processed to improve our products, services, and communications with you. The Company ensures that only authorized employees and third party service providers, who have undertaken to satisfy our stringent corporate, legal, information security, and data privacy requirements, are allowed to process your personal information. Through your express consent, you agree that we may disclose your personal information to our third party service providers who perform business operations on our behalf or partners who collaborate with us to provide services to you and business partners that provide joint communications that we hope you find of interest.
By registering, signing in to, or using the Company’s consent forms in our products, services, web platform and applications, you authorize and consent to the processing, sharing and/or transferring by the Company of your Personal Information relating to your accounts with us for specified purposes which in all cases are in compliance with or pursuant to the Company’s legal or contractual obligations:
The personal information you provided to the Company shall only be used for the purpose of service and product delivery you consented to, subject to the Terms and Conditions you agreed to. With your express consent, you may agree and authorize the Company to share your personal information with private entities subject to mandatory disclosure pursuant to government and public functions. In all instances, we process and/or disclose your personal information in accordance with the Data Privacy Act and its Implementing Rules and Regulations.
It is the policy of the Company that all systems and storage media or repositories that store customer data shall have completed the appropriate information security, risk, legal compliance, and privacy impact assessments. Your personal information shall only be stored in the Company-managed environment. Physical copies of documents containing your personal information shall be stored in physical vaults in a sealed and secure manner.
Access refers to a user’s capacity to access or retrieve data stored within a database or other repository. Your personal information can only be accessed and retrieved by authorized personnel of the Company and only pursuant to a legitimate business purpose, in accordance with the consent you have provided us. Remote connectivity to any Company-managed environment is only through Virtual Private Network or Access Gateway technology solutions that will enable us to enforce security controls required to protect your personal information.
Regulation and legitimate company business purpose and policy define the data retention period of your personal information. Pursuant to the Bureau of Internal Revenue Regulation 17-2013, documents pertaining to your billing statements, which indicate taxable transactions, shall be preserved for ten (10) years. Further, the Company keeps your personal information as long as it is necessary: a) for the fulfilment of the declared, specified, and legitimate purposes provided above, or when the processing relevant to the purposes has been terminated; b) for the establishment, exercise or defense of legal claims; or c) for legitimate business purposes, which shall be in accordance with the standards of the fintech industry.
The Company has established mechanisms for secure disposal of data from the Company’s systems after the data is no longer required by the business for any legitimate purpose and activity. After the defined retention periods, the Company shall dispose of your personal information in a secure manner in order to prevent further processing, unauthorized access, or disclosure to any other party.
Personal Data Breach refers to a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed. A Personal Data Breach shall be subject to notification requirements under the following conditions:
The Company shall notify the National Privacy Commission and affected Customers in case of breach within 72 hours upon knowledge of or reasonable belief by the Company or our third party processor that a personal data breach has occurred. If such event occurs, we shall notify you, through a secure means of communication, of the nature of the breach, your personal information possibly compromised, measures taken to address the breach and reduce negative consequences, contact details of government authorities concerned and our Data Protection Office who can assist you in mitigating the possible ramifications that can compromise you and your right to privacy.
For inquiries, complaints, and other concerns, you may address them in writing to the Company’s Data Protection Officer, Ms. Maria Francesca Montes via firstname.lastname@example.org