PRIVACY STATEMENT AND NOTICE TO DATA SUBJECTS

Guagua Rural Bank, Inc. (or hereinafter referred to as the “Bank”) is committed to the proper handling and safeguarding of your personal data. As a data subject, we value and assure you that the Bank protects and respects your privacy, personal data and your rights.

This privacy statement applies to past, present and prospective Bank clients and anyone involved in any transaction or business relationship with the Bank whether it’s in your personal capacity or as a representative of a legal entity (for example, a company executive officer, agent, legal representative, operational personnel, etc.) and non-Bank clients such as payees, contact persons of corporate clients and Bank partners, subject to data retention regulations and Bank policy.

This data privacy notice informs you how the Bank collects your personal data and how we process it in the course of your business with us in compliance with the requirements of the Data Privacy Act of 2012.

I. WHAT ARE THE TYPES OF DATA THAT WE COLLECT?

1. Data for Identification
Personal data that we collect through our official website are limited to what will allow us to properly respond to your queries about the Bank’s product and service offerings as well as complaints. In order for us to do this, we gather only the following personal data from you through our website: Name, Address, Phone, and E-mail Address.
As a matter of implementing the Bank’s customer identification process, our banking offices collect the minimum information and other required information subject to applicable laws.

2. Data for Availment of the Bank’s Products and Services
It includes your identification data; transaction data such as account numbers and reference numbers related to your account and other data required to process your transaction that can be found on the transaction ledger maintained by the Bank; financial data such as invoices, credit notes, payslips, payment behaviour, the value of your property or other assets, your credit history, credit capacity, financial products you have with the Bank, whether you are registered with a credit register, payment arrears and income information; socio-demographic data whether you are married and have children; and, data about your interests and needs that you share with us through the accomplishment of Bank surveys for the purpose of continuously improving the Bank products and services.

We will not record sensitive data relating to your health, ethnicity, religious or political beliefs unless it is necessary. When we do, it is limited under specific circumstances that will be communicated to you requiring your consent.

II. WHAT IS THE PURPOSE OF OUR DATA COLLECTION?

We use your personal data for legitimate purposes, as follows:

1. To facilitate the administration, servicing and implementation of the maintenance of your accounts and transactions.

2. To implement our credit risk management framework such as credit risk and behavioural analysis in assessing your ability to repay a loan based on your personal data and other required information.

3. To operationalize our products and services delivery.

4. To provide you with suitable products and services by gathering and analyzing the information collected for the improvement and development of the Bank’s products and services.

5. To manage customer relationships through your feedback and notes our employees have acquired during conversations with you in person / via telephone / via website regarding your business dealings and transactions with us, as well as personalized marketing.

6. To prevent and detect fraud and unusual activities that may compromise data security.

7. To comply with internal and external reporting requirements as part of statutory directives and legal obligations.

III. HOW DO WE PROTECT, SHARE AND RETAIN DATA?

1. Data Protection
In keeping your data safe, we implement an internal framework of policies and standards across all our banking offices and business dealings and transactions to include a combination of secure computer and centralized storage facilities and paper-based files and other records.
These policies and standards are periodically reviewed, updated and enhanced to be aligned with regulations and market developments. Appropriate measures and controls are operationalized to ensure the confidentiality, integrity and availability of your personal data and how it is processed.

2. Data Sharing
We will not share nor disclose your personal data to any third-party without your explicit consent; however, we are bound to do so under particular circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities.
Moreover, Bank directors, officers and employees are subject to confidentiality and are not required to disclose your personal data unlawfully or unnecessarily.

To optimize our operational capacity and efficiency, consistent with state laws and in line with regulatory rules and procedures as a supervised entity, we may share your data with the following:

2.1. Government Authorities
To comply with the directives of our primary regulators
To comply with our regulatory obligations on preventing money laundering and terrorism
To comply with regulations on central credit information
To comply with tax regulations
To comply with periodic examination and audit conducted by authorized parties
To comply with legal requests or court orders on judicial/investigative matters such as the police, public prosecutors, courts and arbitration/mediation bodies

2.2. Financial / Remittance Institutions
There are products and services provided by the Bank where other financial/remittance institutions are involved such as the transfer of funds and settlement of payments where your name, address, birthdate, place of birth and account/reference number as sender or beneficiary will be shared or collected.

2.3. Service Providers
We engage service providers subject to a thorough due diligence process. We use personal data that are required for a particular service we engage in. The Bank activities supported by our service providers include:
Placement of advertisements on apps, websites and social media
Preparation of reports, statistics and related models, printed materials and product design
Designing and maintaining of internet-based tools and applications
Collection of funds
Performance of approved services and operations

3. Data Retention
We keep your personal data for as long as it is necessary in congruence to regulatory provisions on data retention. We will only keep records of your data beyond the retention period required by regulations, if we are bound to do so under circumstances covering legal obligations or compliance with regulatory agencies, laws, or as required by police authorities.

IV. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

As a data subject you are entitled to the following rights:

1. Right to be informed on the nature, process and extent of processing we perform on your personal data.

2. Right to request for a copy of the personal data we collect from you, apply corrections in case of errors and be given a copy of it either electronically or in any other recommended format that allows for you to have continued use of your personal data.

3. Right to object on the processing of your personal data. You also have the right to withdraw your consent and request for stoppage from further processing of your personal data and ultimately have your personal data deleted from our processing systems. Moreover, exercising these rights will be entertained by the Bank but may enable us not to process further any transaction you may have with the Bank.

4. Should you have objections or complaints to the way we process your personal data, or have substantial proof allowed under the Data Privacy Act of 2012 that your personal data was mishandled by the Bank, you have the right to file a complaint with the National Privacy Commission and be indemnified for any damages due to you.

V. WHAT ARE YOUR DUTIES AS A DATA SUBJECT?

To commence and execute our duties as a bank and fulfill our associated contractual duties, you will duly provide certain information based on the requirements of the Bank.
There is also information that we are legally obliged to collect. Without these data we may not be able to open an account for you or perform certain banking activities.

VI. SCOPE OF THIS PRIVACY STATEMENT

This privacy policy does not govern the collection and use of information by companies that we do not control, nor by individuals not employed or managed by us. If you visit a Web site that we mention or link to, be sure to review its privacy policy before providing the site with information.
We reserve the right to change this privacy policy as deemed necessary or appropriate because of legal compliance requirements or changes in our business practices. If you have provided us with an email address, we will endeavor to notify you, by email to that address, of any material change on how we will use your personal data.

VII. CONTACT INFORMATION

If you wish to exercise any of your rights or have further inquiries regarding how the Bank manages and handles your personal data, you may reach out to our Data Protection Officer at dpo.grbank@gmail.com. For complaints and other concerns, you may contact our Consumer Support Unit at info@grbank.com.ph. The Bank is supervised by the Bangko Sentral ng Pilipinas (BSP). You may also call or email the BSP’s Financial Consumer Protection Department at (02) 708-7087 or consumeraffairs@bsp.gov.ph.