I.       Introduction

 

Robinsons Bank (now merged with Bank of the Philippine Islands (BPI) with BPI as the surviving entity) (the "Bank"), seriously commits itself to the protection of your privacy rights. This Privacy Consent and Notice ("PCN") reflects our commitment to ensure that data subjects from whom we collect and process financial and personal data about, are adequately informed of the organization's activities with respect to such data. In relation thereto, we endeavor to obtain your informed consent to continue processing your personal data under the terms provided hereunder.

II.      Collection/Processing of Personal Data

 

As a condition for the use of the Bank's facilities, products, and services, we collect financial and personal data relating to you as disclosed and/or transmitted to us by you and/or any of your authorized agent/representative/s and/or any of our authorized third party processors, via the Bank's authorized channels, in accordance with Republic Act (R.A.) 10173, otherwise known as the "Data Privacy Act of 2012" of the Republic of the Philippines, including its Implementing Rules and Regulations (IRR) as well as all other guidelines and issuances by the National Privacy Commission (NPC). We shall process your information only for the following purposes:

 

•         fulfillment, delivery, support, and maintenance of the Bank facilities, products and services;

•         approve, facilitate, administer and process applications and transactions;

•         respond to queries, requests and complaints and improve how we interact with you;

•         communicate with you, including sending of your statements and/or billings, administrative communications about any account you may have with us or about future changes to this privacy statement;

•         design new or enhance existing products and services provided by us;

•         perform demographic and behavioral analysis to understand market's needs, wants and trends to be able to improve and recommend suitable products and services;

•         personalize the appearance of our websites or mobile app and include location-based services such as finding the ATMs or branches nearest to you;

•         communicate with you regarding the Bank's products and services information, including offers, promotions, discounts, rewards, advisories, notices, and for personalizing your experience with our various touch points such as branches, ATM, telemarketing, email, SMS, Chat Messaging Service (CMS), Social Networking Service (SNS), and other marketing and communication channels;

•         perform certain protective safeguards against improper use or abuse of our products and services including fraud prevention;

•         to utilize data analytics that will help the organization improve and develop customer experience and assistance;

•         comply with our operational, audit, administrative, credit and risk management processes, policies and procedures, the terms and conditions governing our products, services, facilities and channels, the Bank's rules and regulations, legal and regulatory requirements of government regulators, judicial and supervisory bodies, tax authorities or courts of competent jurisdiction, as the same may be amended or supplemented from time to time;

•         comply with applicable laws of the Philippines and those of other jurisdictions including the United States Foreign Account Tax Compliance Act (FATCA), the laws on the prevention of money laundering including the provisions of Republic Act No. 9160 (Anti-Money Laundering Act of 2001, as amended (AMLA) and the implementation of know your customer (KYC) process/procedures and sanction screening checks;

•         comply with legal and regulatory requirements such as submission of data to credit bureaus, credit information companies, the Credit Information Corporation (CIC) (pursuant to RA No. 9510 and its implementing rules and regulations), responding to court orders and other instructions and requests from any local or foreign authorities including regulatory, governmental, tax and law enforcement authorities or other similar authorities;

•         background checks through character reference verification; and

•         perform other such activities permitted by law or with your consent.

 

Further, if you already are, become, or apply to become a client of our parent company and/or any of our subsidiaries and affiliates, the Bank including its parent company and the subsidiary/ies and/or affiliate/s concerned have the option, but not the obligation, to rely upon, use, and share your relevant personal data and/or account information for any of the following purposes:

 

•         to facilitate and integrate your account opening or application with the concerned subsidiary/ies or affiliate/s;

•         to validate, consolidate or update your customer information records and/or credit history;

•         to provide consolidated billings, deposit or investment summaries or other reports as you may request;

•         to send you advisories, reminders, announcements, promotions, offers, invitations and other notifications;

•         for market and financial research purposes, including sharing of data analytics results to design banking, financial, securities and investment or other related products or services for your use as well as to improve customer experience and assistance;

•         additional background checks through character reference verification; and

•         to comply with a legal obligation to which the Bank or the concerned subsidiary/ies or affiliate/s is subject.

 

III.    Personal Data Sharing / Disclosures

 

Internal Disclosures

 

We will also encode your personal data into our electronic client database stored in our local data centers as well as via third-party cloud storage facilities/systems. These data centers and systems are covered by appropriate physical, technical, and organizational measures to ensure your privacy is adequately protected. Only authorized personnel within the organization are allowed access to your data and only for the purposes we have mentioned.

 

Third Parties

 

We allow access to your personal data to trusted and authorized third-party companies, businesses and vendors engaged with the Bank who provide services including, among others:

 

1.  Cloud storage facilities/systems to meet the Bank's storage management requirements;

2.  Utilize Electronic Communication Services including among others, SMS, CMS, SNS, email and similar communication channels; and Non-Electronic Communication channels such as but not limited to printed letter(s) for the intent of customer info updating, promotions and other related materials.

3.  Implementation of protective safeguards against improper use or abuse of our products and services including the prevention of fraud and all forms of unauthorized access to your personal and financial services;

4.  For fulfillment and support of the Bank's contractual obligations in delivering its products and services to you;

5.  Data analytics that will help the Bank design and develop new or improve existing products, services, and customer experience and assistance;

6.  Services that would assist compliance with the Bank's operational, audit, administrative, credit and risk management processes, policies and procedures, the terms and conditions governing our products, services, facilities and channels, The Bank's rules and regulations, legal and regulatory requirements of government regulators, judicial and supervisory bodies, tax authorities or courts of competent jurisdiction, as the same may be amended or supplemented from time to time.

 

The Bank will remain responsible over the personal data disclosed to such third parties. As such, we will ensure that such third parties are contractually obligated to comply with the requirements of the Data Privacy Act and shall process your data strictly in accordance with the purposes enumerated above. You may request for additional information on the identities of these parties from the Office of the Data Protection Officer.

 

We also have legal obligation to disclose relevant and necessary personal data to government regulatory agencies in accordance with reportorial requirements established by law.

 

We will not share or disclose your personal data to unauthorized third parties without your consent unless we are legally required to do so.

 

We reserve the right to use or disclose any information as needed in order to comply with applicable laws and regulations; to protect the integrity of our system, products and services and in the provisioning of the same; to fulfill your request; or when required to cooperate in any law enforcement investigation or in instances involving public safety subject to appropriate procedures for verification, due diligence, and authentication.

 

IV.    Cross-Border Transfer of Personal Data

 

We may need to transfer your personal data from the Philippines to another jurisdiction where the Bank, its subsidiaries and affiliates, and third-party partners may maintain their facilities and resources, in giving effect to the purposes mentioned herein. Where personal data is transferred outside the Philippines, we will implement appropriate legal mechanisms to ensure that your personal data remains adequately protected upon reaching its destination, as required by applicable privacy laws depending on the location of transfer.

 

V.     Retention and Disposition of Personal Data

 

We will keep your data only for as long as is necessary for the fulfillment of the declared, specified, and legitimate purposes mentioned above. After which, we shall dispose of it in a lawful and secure manner that would keep your personal data from being further processed and/or accessed by unauthorized parties in accordance with the organization's retention and disposal policy.

 

In relation thereto, we would like to inform you that it is the organization's policy to retain the personal data you shared with us, even when the said application with us proves unsuccessful. We maintain such application database solely to introduce future offerings better suited for you and/or to process additional products and services you may wish to avail.

 

VI.    Your Rights as a Data Subject

 

1.        The Right to be Informed – This PCN honors your right to be informed of whether personal data pertaining to you will be, are being, or were processed, including its disclosure to third parties, if any. As you will see above, we endeavored: i) to provide you with a description of the personal data we collect and process pursuant to purposes enumerated above; ii) to obtain your consent; iii) to explain the scope and method of the collection and sharing; and iv) to provide you with information on the recipients of the personal data collected and shared;

 

2.        The Right to Object – You shall have the right to object to the sharing of your data. Should there be any changes in the information provided to you in this PCN, you shall be informed of such changes and your consent thereto is to be obtained before such changes are implemented.

 

3.        The Right to Withdraw Consent Anytime – You shall have the right to withdraw your consent to this PCN anytime.

 

4.        The Right to Access, Rectification, Erasure and/or Blocking – You shall have the right to request for a copy of any personal data we hold about you, including the sources from which such data was collected and to whom the same is shared, if any. You may ask it from us through the contact information provided below and we will provide it in a machine-readable format. You shall have the right to have it corrected or revised if you think it is inaccurate or incomplete, subject to the submission of sufficient proof establishing the same.You shall have the right to suspend, withdraw or order the blocking, removal or destruction of your personal data should you a) discover that it is incomplete, outdated, false, unlawfully obtained, used for an unauthorized purpose, no longer necessary for the abovementioned purposes; b) withdraw your consent thereto; or c) discover violations of your right as a data subject.

 

VII.  Contact Us

 

If you have any questions or concerns about this PCN or with our personal data processing activities, please reach us through the following contact information:

 

DATA PROTECTION OFFICER

Robinsons Bank Corporation

17th Floor Galleria Corporate Center

EDSA corner Ortigas Avenue

Quezon City Philippines

dpo@robinsonsbank.com.ph

 

VIII. Amendment

 

The Bank may change this PCN from time to time by notifying you on the updates to the PCN and to secure your consent when necessary. You are also encouraged to visit the Bank's official website frequently to stay informed about how the Bank uses your personal information.