Camalig Bank, Inc. (or hereinafter referred to as the “Bank”) is committed to the proper handling and safeguarding of your personal data. As a data subject, we value and assure you that the Bank protects and respects your privacy, personal data and your rights.
This privacy statement applies to past, present and prospective Bank clients and anyone involved in any transaction or business relationship with the Bank whether it’s in your personal capacity or as a representative of a legal entity (for example, a company executive officer, agent, legal representative, operational personnel, etc.) and non-Bank clients such as payees, contact persons of corporate clients and Bank partners, subject to data retention regulations and Bank policy.
This data privacy notice informs you how the Bank collects your personal data and how we process it in the course of your business with us in compliance with the requirements of the Data Privacy Act of 2012.
I. WHAT ARE THE TYPES OF DATA THAT WE COLLECT?
1. Data for Identification
Personal data that we collect through our official website are limited to what will allow us to properly respond to your queries about the Bank’s product and service offerings as well as complaints. In order for us to do this, we gather only the following personal data from you through our website: Name, Address, Phone, and E-mail Address.
As a matter of implementing the Bank’s customer identification process, our banking offices collect the minimum information and other required information subject to applicable laws.
2. Data for Availment of the Bank’s Products and Services
It includes your identification data; transaction data such as account numbers and reference numbers related to your account and other data required to process your transaction that can be found on the transaction ledger maintained by the Bank; financial data such as invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, financial products you have with the Bank, whether you are registered with a credit register, payment arrears and income information; socio-demographic data whether you are married and have children; and, data about your interests and needs that you share with us through the accomplishment of Bank surveys for the purpose of continuously improving the Bank products and services.
We will not record sensitive data relating to your health, ethnicity, religious or political beliefs unless it is necessary. When we do, it is limited under specific circumstances that will be communicated to you requiring your consent.
3. Data for Job Application with the Bank
For job applicants, we collect personal data from you for us to properly match your profile with our various job openings and their respective requirements. The personal data that we gather are grouped accordingly allowing us to communicate with you and validate the following:
3.1. Your basic personal and family background
3.2. Your educational background
3.3. Your employment background (if any)
3.4. Information required to be asked and collected by virtue of a BSP requirement
Furthermore, we will only keep your personal data as long as your application is considered active and will properly dispose such data once deemed necessary, either through filling in of vacancy applied for or withdrawal, or lack of feedback from you about your application.
4. Data to be Collected from Current Employees, Officers and the Board of Directors
We also collect information with our human resource for reasons such as:
4.1. Personnel Record
4.2. Leave/Absence Management
4.3. Key Skills Assessment and Performance Management
4.4. Legal requirements
4.5. Supply management information
We ensure that the data we collect from our employees, officers and the members of the Board shall be handled with utmost confidentiality and protected for the rights of our human resource. Retention of data shall be governed by the Bank’s AMLA Manual and personnel records shall be kept in the premises for only within the retention period required by the regulations.
5. Data for the Bank’s Business Engagement with Partners
To conduct administration of business relationships with our partners, we collect personal information which may include a person’s names, dates of birth, address, and payment information only relating to corporate bodies. This information will be processed for the purpose of legal obligations may include storage and identification requirements.
II. WHAT IS THE PURPOSE OF OUR DATA COLLECTION?
We use your personal data for legitimate purposes, as follows:
1. To facilitate the administration, servicing and implementation of the maintenance of your accounts and transactions.
2. To implement our credit risk management framework such as credit risk and behavioural analysis in assessing your ability to repay a loan based on your personal data and other required information.
3. To operationalize our products and services delivery.
4. To provide you with suitable products and services by gathering and analyzing the information collected for the improvement and development of the Bank’s products and services.
5. To manage customer relationships through your feedbacks, notes we have acquired during conversations with you by our employees in person / via telephone / via website regarding your business dealings and transactions with us as well as personalized marketing.
6. To prevent and detect fraud and unusual activities that may compromise data security.
7. To comply with internal and external reporting requirements as part of statutory directives and legal obligations.
III. HOW DO WE PROTECT, SHARE AND RETAIN DATA?
1. Data Protection
In keeping your data safe, we implement an internal framework of policies and standards across all our banking offices and business dealings and transactions to include a combination of secure computer and centralized storage facilities and paper-based files and other records. These policies and standards are periodically reviewed, updated and enhanced to be aligned with regulations and market developments. Appropriate measures and controls are operationalized to ensure the confidentiality, integrity and availability of your personal data and how it is processed.
2. Data Sharing
We will not share nor disclose your personal data to any third-party without your explicit consent; however, we are bound to do so under particular circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities. Moreover, Bank directors, officers and employees are subject to confidentiality and are not required to disclose your personal data unlawfully or unnecessarily.
To optimize our operational capacity and efficiency, consistent with state laws and in line with regulatory rules and procedures as a supervised entity, we may share your data with the following:
2.1. Government Authorities
To comply with the directives of our primary regulators
To comply with our regulatory obligations on preventing money laundering and terrorism
To comply with regulations on central credit information
To comply with tax regulations
To comply with periodic examination and audit conducted by authorized parties
To comply with legal requests or court orders on judicial/investigative matters such as the police, public prosecutors, courts and arbitration/mediation bodies
2.2. Financial / Remittance Institutions
There are products and services provided by the Bank where other financial/remittance institutions are involved such as the transfer of funds and settlement of payments where your name, address, birthdate, place of birth and account/reference number as sender or beneficiary will be shared or collected.
2.3. Service Providers
We engage service providers as subject to a thorough due diligence process. We use personal data that are required for a particular service we engage. The Bank activities supported by our service providers include:
Placement of advertisements on apps, websites and social media
Preparation of reports, statistics and related models, printed materials and product design
Designing and maintaining of inter-based tools and applications
Collection of funds
Performance of approved services and operations
3. Data Retention
We keep your personal data for as long as it is necessary in congruence to regulatory provisions on data retention. We will only keep records of your data beyond the retention period required by regulations, if we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities.
IV. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
As a data subject you are entitled to the following rights:
1. Right to be informed on the nature, process and extent of processing we perform on your personal data.
2. Right to request for a copy of the personal data we collect from you, apply corrections in case of errors and be given a copy of it either electronically or in any other recommended format that allows for you to have continued use of your personal data.
3. Right to object on the processing of your personal data. You also have the right to withdraw your consent and request for stoppage from further processing of your personal data and ultimately have your personal data deleted from our processing systems. Moreover, exercising these rights will be entertained by the Bank but may enable us not to process further any transaction you may have with the Bank.
4. Should you have objections or complaints to the way we process your personal data, or have substantial proof allowed under the Data Privacy Act of 2012 that your personal data was mishandled by the Bank, you have the right to file a complaint with the National Privacy Commission and be indemnified for any damages due to you.
V. WHAT ARE YOUR DUTIES AS A DATA SUBJECT?
To commence and execute our duties as a bank and fulfil our associated contractual duties, you will duly provide certain information based on the requirements of the Bank.
There is also information that we are legally obliged to collect. Without these data we may not be able to open an account for you or perform certain banking activities.
VI. SCOPE OF THIS PRIVACY STATEMENT
This privacy policy does not govern the collection and use of information by companies that we do not control, nor by individuals not employed or managed by us. If you visit a Web site that we mention or link to, be sure to review its privacy policy before providing the site with information.
We reserve the right to change this privacy policy as deemed necessary or appropriate because of legal compliance requirements or changes in our business practices. If you have provided us with an email address, we will endeavour to notify you, by email to that address, of any material change on how we will use your personal data.
VI. SCOPE OF THIS PRIVACY STATEMENT
If you wish to exercise any of your rights or have further inquiries regarding how the Bank manages and handles your personal data, you may reach out to our Data Protection Officer at privacy@camaligbank.com.ph.
For complaints and other concerns, you may contact our Consumer Support Unit at customer-support@camaligbank.com.ph.
Camalig Bank is supervised by the Bangko Sentral ng Pilipinas (BSP). You may also call or email the BSP’s Financial Consumer Protection Department at (02) 708-7087 or consumeraffairs@bsp.gov.ph.