CARD MRI RIZAL BANK DATA PRIVACY STATEMENT
CARD MRI RIZAL BANK, Inc. (“CARD RBI”), including its affiliates and subsidiaries and all members of the CARD Mutually Reinforcing Institutions (“CARD MRI”), values the confidentiality of personal data and is committed to maintaining the privacy of its customers. This Data Privacy Statement (“Statement”), details how CARD RBI uses and protects personal data for the purpose of obtaining the consent of the data subject in accordance with the Republic Act No. 10173, otherwise known as the Data Privacy Act of 2012, and its Implementing Rules and Regulations (“DPA”). This Statement also covers the privacy practices for our customers who apply for and obtain products and services from us, such as, but not limited to, deposits, loans, investments, insurance, remittances, and other such products and services that CARD RBI may offer from time to time.
OUR PRIVACY PRACTICES
The privacy practices described in this Statement are primarily intended for individuals in the Philippines and are designed to comply with the provisions of the DPA. When accessing our websites and/or availing of our services through our branches, you acknowledge and agree that your information may be collected, processed, and transferred within the Philippines following legal and regulatory standards for data protection that may differ from your current or home jurisdictions.
WHAT DATA DO WE COLLECT FROM YOU
To provide the client with CARD RBI’s banking/financial products and services and/or to implement client-requested transactions, CARD RBI shall collect personal information from the client which may include, but is not limited to:
- Name, Age, Date/Place of Birth, Gender, Civil Status, Nationality;
- Address and Contact Details (Home/Business)
- Educational Background;
- Employment History;
- Financial Information (such as income, expenses, balances, investments, tax,
insurance, financial and transaction history, etc.);
- Specimen Signature;
- Permits, Licenses & Registrations;
- Status of Pending Civil/Criminal Cases (if any);
- Telephone conversation recordings through our Customer Service
- CCTV footage for security purposes;
- Religion; · Health/Disability;
- Regulatory Numbers (HDMF/SSS/TIN);
- Housewife/Husband Information (Name/Occupation);
- Valid ID & Photos;
- Mother’s Maiden Name
HOW WE USE YOUR INFORMATION
CARD RBI uses your personal information to provide the services and products that you have availed or intend to avail from CARD RBI, including and together with the following purposes:
- Opening, maintaining, and/or terminations of accounts;
- Ease of contacting/communicating with clients;
- Evaluate, approve, provide, or manage applications, financial products and
services, and other transactions that the client has requested;
- Comply with know-your-customer (KYC) information requirements as specified
under the Manual of Regulations for Banks and other applicable regulations;
- Conduct of credit and background information checks and verification;
- Evaluate client’s eligibility for CARD RBI’s products and services, such as loan
inventory and loan validation; · Perform risk profile and risk assessment;
- Perform Loan Utilization Check (LUC);
- Provide extensive and quality support to the client;
- For internal purposes, such as administrative, operational, audit, credit and risk
- Provide location-based services such as finding the ATM or branch nearest to you;
- Offering and processing of insurance products as authorized by regulatory
- Comply with legal and regulatory requirements such as submission of data to credit
bureaus, credit information companies, the Credit Information Corporation (CIC),
and CISA, responding to court orders and other instructions and requests from any
local or foreign authorities including regulatory, governmental, tax and law
enforcement authorities or other similar authorities;
- Perform other such activities permitted by law or with your consent.
WHEN DO WE COLLECT PERSONAL INFORMATION
CARD RBI collects personal information through, but not limited to, any of the following:
- Face-to-face and/or telephone conversation with CARD RBI Customer Service
- Accomplishment and/or signing of forms/documents (e.g. loan proposal, New
Accounts Form, Insurance Products, Employment application and contracts, and Client Information Form);
- Registration through electronic banking channels and services (e.g. Mobile
Banking Application-konek2CARD, HCIS); and
- Conducting Background and credit investigation and Loan Utilization Check
- inquiries to the Credit Bureau such as CIC, NFIS and MIDAS.
RECIPIENTS OF INFORMATION
We may share your personal information with our subsidiaries, affiliates and third parties, including members of CARD MRI, for the purposes above and with an obligation of confidentiality. Your personal information may similarly be disclosed to government agencies, supervisory bodies, tax authorities, or courts of competent jurisdictions for purposes of complying with banking regulations, which CARD RBI may be subject to such as Republic Act No. 9160 otherwise known as the Anti-Money Laundering Act of 2001 or Republic Act No. 9510 otherwise known as the Credit Information System Act (“CISA”), among others.
If necessary, for the efficient delivery of CARD RBI’s products and services, we may also outsource the processing of your personal information to third-party service providers or CARD MRI, consistent with the terms of this Statement and the provisions of the DPA.
HOW WE SAFEGUARD PERSONAL INFORMATION
In accordance with the provisions of the DPA, Republic Act No. 1405 otherwise known as the Bank Secrecy Law, Republic Act No. 8791 otherwise known as the General Banking Law of 2000, Republic Act No. 6426 otherwise known as The Foreign Currency Deposit Act, BSP Circular No. 808, Series of 2013 otherwise known as the Guidelines on Information Technology Risk Management for All Banks and other Supervised Institutions, and BSP Circular No. 982, Series of 2017 otherwise known as the Enhanced Guidelines on Information Security Management, CARD RBI, its employees, agents and representatives, shall handle personal information with utmost care and adhere to the implemented organizational, physical, and technical security measures to maintain the confidentiality, integrity, security, and availability of all personal information under its custody.
HOW LONG DO WE KEEP YOUR INFORMATION
Documents containing your personal information will be retained in the records and systems of CARD RBI for a period no longer than five years from the date of the termination of your account or of the specific transaction with CARD RBI, unless CARD RBI is required by law to retain the information for a longer period.
YOUR RIGHTS AS DATA SUBJECT
CARD RBI respects your rights to:
1. Be informed;
2. Object to the processing of your personal data;
3. Have reasonable access to your personal data under the custody of CARD RBI;
4. Require immediate correction of inaccurate or erroneous personal data under the custody of CARD
5. Suspend, withdraw or order the blocking, removal or destruction of your personal
data from CARD RBI’s records and/or system; and
6. Be indemnified in case of violation of your rights as data subject.
You may reach us for any questions, concerns or requests you may have on your
personal data and exercising the above rights.
HOW TO CONTACT US
Should you need to get in touch with us for any data privacy concerns or requests or should you have any questions or clarifications regarding the Statement, CARD RBI has adopted a Customer Assistance Management System (CAMS). This is an organized system where customer feedback, inquiries and complaints are carefully handled and processed. Through this channel, a Customer Service Manager, who serves as the representative of the Data Protection Officer shall initially assist you and raise such concerns to the Compliance Unit of CARD RBI.
You may also visit the Customer Service Desk at any of CARD RBI’s branches or call the Customer Service Hotlines at the following numbers:
Tel No. (049)-530-7284
You may also e-mail us at email@example.com or visit our website www.cardmri.com/rbi.
CARD RBI has complied with the registration requirements provided in the Data Privacy Act (DPA) of 2012 and its Implementing Rules and Regulations (IRR) thru the NPC Registration System (NPCRS).
With the NPC Seal of Registration, our Clients and Partners are assured that CARD RBI has completed the first level of DPA compliance.
Alternatively, for any pressing concerns, you may reach our data protection officer at the following contact information:
Telephone Number: (049) 523-1047
Address: P. Guevarra St. corner Aguirre St., Poblacion II, Sta Cruz, Laguna
CHANGES TO OUR PRIVACY STATEMENT
We may amend or modify the terms of this Statement from time to time to ensure relevance with the relevant laws and regulations applicable to CARD RBI. Any relevant modification will be posted on our website and distributed to all CARD RBI branches and Centers.