PRIVACY NOTICE AND POLICY

GUAGUA RURAL BANK (“GRBANK” or “the Bank”), with an aim to live up and promote the culture of privacy within the organization, is zealous and dedicated to carry out the mandatory requirements of Data Privacy to safeguard and preserve your Personal Data (or “personal information, personal sensitive information or privileged information”).

Pursuant to the Data Privacy Act of 2012 {RA 10173) and its Implementing Rules and Regulations (IRR), the Bank also joins the privacy march to meet the full extent of data privacy and protection, exercise compliance and demonstrate respect of your RIGHTS; to be informed, to object, to access, to erasure or blocking, to file damages and the right to data portability and transfer as defined in Sec. 16. Rights of the Data Subject.

General Principles of Data Privacy

Your personal data (personal information, sensitive personal information or privileged information) is invaluable to us and the Bank is duty bound to develop applicable policies and implement guidelines to ensure that you as Data Subjects (“otherwise known as Clients”) are completely made aware and well-informed on how your personal information will be processed, where it will be stored and for how long, who do we disclose or share it to with and how will the Bank securely delete and dispose them of when no longer needed.

Under the rules of transparency, legitimacy and proportionality, the Bank shall COLLECT, USE and ACCESS personal data such as your name, previous employment information, date of birth, place of birth, gender, nationality, civil status, permanent & present address/es, contact number (mobile and landline phone), email address, TIN, SSS/GSIS, Phil Health Number, License Number and Passport Number inter alia, in the furtherance of our client-bank relationship (account opening, loan application, account closure and loan payout and other transactional meeting with/in branch personnel/officers).

The Bank shall also STORE and RETAIN your Personal Data in paper and electronic forms, in the Bank’s Customer Information File system (CIF) and other repository within the duration of our banking relationships, and will be stored for a minimum period of 5 years from the time of Account Closure. Corollary, the Bank shall responsibly DELETE, DISPOSE OF and DESTROY said personal data to the extent provided by the relevant retention policy.

Finally, GR BANK will SHARE and DISCLOSE said information on the furtherance of its business and, as required by existing laws and regulations, and will exercise protection measures for security and control access by authorized personnel/officers to preserve the Confidentiality, Availability and integrity of your personal data (paper/electronic/recorded forms) under the requirements of Sec. 21. Principle of Accountability.